Okta's Compliance Gaps Contribute to Confirmed Breach


Hackers


Identity and access management company Okta acknowledged recently that the laptop for a third-party  support engineer was accessed by LAPSUS$, an extortion-based hacking group, during a five-day window between January 16 and 21.


The financially motivated group usually breaks into a company's network, steals sensitive data, and then blackmails the company into paying up by making parts of the stolen data publicly available. One of the results of the attack was the attackers having access to see the 8.6K Slack Channels that Okta uses and that they store AWS Keys in Slack channels.


The hacking group taunted Okta by speaking to their non-compliance in doing so. Not only did storing AWS security keys in Slack make them non-compliant, it made them vulnerable.


Do you know if any of your systems are making you vulnerable, non-compliant and increasing the possibility of a cyber attack on your business? Not sure? Don't worry.


Click below to schedule a call and let's get it figured out!





Mar 27, 2022 | by