Authentication services provider Okta on Wednesday named Sitel as the third-party linked to a security incident experienced by the company in late January that allowed the LAPSUS$ extortion gang to remotely take over an internal account belonging to a customer support engineer.
The company added that 366 corporate customers, or about 2.5% of its customer base, may have been impacted by the "
Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained "limited access" to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach. "No customer code or data was involved in the observed activities," Microsoft's Threat Intelligence Center (MSTIC) said, adding that
The data-extortion gang got at Microsoft's Azure DevOps server. Meanwhile, fellow Lapsus$ victim and authentication firm Okta said 2.5 percent of customers were affected in its own Lapsus$ attack.
Trust, but verify. While organizations wait for official alerts and notifications from Okta, security teams should also begin their own investigations to determine whether they have been exposed.
Microsoft and authentication services provider Okta said they are investigating claims of a potential breach alleged by the LAPSUS$ extortionist gang.
The development, which was first reported by Vice and Reuters, comes after the cyber criminal group posted screenshots and source code of what it said were the companies' internal projects and systems on its Telegram channel.
The leaked 37GB
Over the past year, organisations in Asia have embraced the zero trust security framework at a fast pace, recognising the need to upgrade their IT security strategy to address the