Caute_cautim
Community Champion

Okta and Microsoft incidents by LAPSUS$

Hi All

How do you feel about the Okta and Microsoft incident outed by LAPSUS$?

https://www.linkedin.com/pulse/open-letter-okta-amit-yoran/?trackingId=p3x2Rvmp%2FPqiUhfPOyWBiA%3D%3...

https://www.digitalshadows.com/blog-and-research/the-okta-breach-what-we-know-so-far/

Is your organisation a victim?

How are you coping with the incident response?

Could Okta have done better?

Regards

Caute_Cautim

7 Replies
csjohnng
Community Champion

I like the sentence "Trust is built on transparency and corporate responsibility, and demands both."

I don't know, but very likely the CISO of Okta will have (is having) a tough time.

Honestly, not reporting and disclosing is really bad, and waiting until LAPSUS$ called it out is the worst nightmare. Being compromised is bad (for sure), but this looks even worse.

John
dcontesti
Community Champion

Great links, thanks for sharing.

Here is a note from the CSO of Okta in which he lays out the timelines.

https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/

I wonder how long he will be in place?

Regards

d


AndreaMoore
Community Manager

@dcontesti

My favorite part of that article you shared is the quote from the father (last paragraph of the article).

"He's never talked about any hacking, but he is very good on computers and spends a lot of time on the computer," the father said, according to BBC News. "I always thought he was playing games. We're going to try to stop him from going on computers."

ISC2 Community Manager
Caute_cautim
Community Champion

@AndreaMoore Definitely a good one; however, it is also good to see Okta actually agree that they did the wrong thing by keeping the situation quiet to the rest of the world for a prolonged period.

They made a "mistake": https://venturebeat.com/2022/03/25/okta-on-handling-of-lapsus-breach-we-made-a-mistake/

At least they acted quickly to remedy the situation too.

Regards

Caute_Cautim


Caute_cautim
Community Champion

Hi All

This is a deep and long analysis of the Okta incident, with many lessons to be learned.

But will they be learned, and how will others learn from this experience?

https://siliconangle.com/2022/04/09/ripple-effects-okta-security-breach-worse-think/

Regards

Caute_Cautim

csjohnng
Community Champion

Good sharing and interesting.

I think the CISO's comments are fair. The technical damage is minimal, but it's the damage to trust and reputation, and this is a perfect PR disaster.

Trust is built on Transparency, Accountability and Assurance.

What does Okta give customers?

John