The Lapsus$ hacking group allegedly hacked into Okta, a major provider of cloud-based identity and access management services, early this year. The group has leaked screenshots of data from Okta’s internal systems. The Lapsus$ hackers claim to have had access to Okta customer accounts and say that their goal was not to “harm” Okta, but to gain direct access to Okta customer data using the cloud-based authentication service.
Investigations at Okta point to the breach originating from a laptop at a third-party vendor providing Okta customers helpdesk support. Okta claims that 366 of its customers may have had their data exposed. The experts at security company Kaspersky Lab believe the hackers’ access to Okta’s systems may explain a number of the rather high-profile data leaks from large companies (e.g. Microsoft, Nvidia and Samsung) for which Lapsus$ hackers have claimed responsibility.
Not a lot of deep technical details are available at the time of this post, but this case clearly shows the danger of using a cloud-based/outsourced MFA authentication service. With an on-premise GreenRADIUS MFA deployment, our customers are in control of the MFA secrets and access control, and no internal authentication requests are exposed to the cloud. See more GreenRADIUS benefits here.