Okta ends Lapsus$ hack investigation, says breach lasted just 25 minutes

Photo by Amelia Holowaty Krales / The Verge

Okta's internal investigation found that the impact of the hack was less serious than initially thought.

David Bradbury, Okta's chief security officer, stated in a post published Tuesday that the company had been transparent by sharing details of the hack soon after it was discovered but that further analysis had reduced the potential scope.

As a result of the thorough investigation of our internal security experts, as well as a globally recognized cybersecurity firm who we engaged to produce a forensic report, we are now able to conclude that the impact of the incident was significantly less than the maximum potential impact.

Okta's systems were compromised by the Lapsus$ hacker group on January 21st when they gained remote access to a machine belonging to an employee of Sitel, a company that provides customer service functions for Okta. The Okta was embarrassed when a member of Lapsus$ shared details of the hack in a Telegram channel.

Okta is a hub for managing access to numerous other technology platforms and the breach was especially worrying because of that. Okta provides a single point of secure access for companies that use enterprise software such as Microsoft Office, and lets administrators control how, when, and where users log on.

Bradbury told the press and customers in March that the company's security protocols had limited the hackers' access to internal systems.

A recent forensic report found that the access period was only 25 minutes and that the maximum period of unauthorized access was no more than five days. The new report found that only two Okta customers had access to their systems.

Okta said that Lapsus$ had not been able to make configuration changes during the brief access period.

The company's reputation may still have taken a hit because of the forensic report, but Okta's handling of the breach seems to have been done in accordance with best practices for disclosure and response.

While the compromise has been determined to be significantly smaller than we initially thought, we recognize the toll this kind of compromise can have on our customers and their trust in Okta.