Okta has disclosed that only two active customer tenants were compromised by the Lapsus$ hacking group
during a January attack against a third-party vendor, contrary to the initial estimate of up to 366 customers that could have been impacted by the breach, VentureBeat reports.
Findings from an extensive investigation of Okta's internal security experts
and a third-party revealed that Lapsus$ gained control over a Sitel engineer's workstation for 25 minutes on Jan. 21, which later allowed access to two customers in the SuperUser application. Limited information on Slack, Jira, and other applications have also been viewed by Lapsus$ as a result of the intrusion, according to Okta, which has pledged to strengthen its incident response measures following the delayed notification of the incident.
"That starts with reviewing our security processes and pushing for new ways to accelerate updates from third parties and internally for potential issues, both big and small. We will continue to work to assess potential risks and, if necessary, communicate with our customers as fast as we can," said Okta.