According to Okta, 366 enterprise customers, or about 2.5% of its customer base, were affected by a security breach that allowed hackers to access the company’s internal network.
The authentication giant admitted the breach after the Lapsus$ hacking and robbery group posted a screenshot of Okta’s app and system on Monday, about two months after the hacker first accessed the network.
The breach originated at an initially unnamed subprocessor that provides customer support services to Okta. In a statement on Wednesday, Okta Chief Security Officer David Bradbury confirmed that the subprocessor was a company called Sykes, which was acquired last year by Miami-based contact center giant Sitel.
Customer support companies like Sykes and Sitel often have extensive access to the organizations they support in order to facilitate customer requests. Malicious hackers have been known to target customer support companies, which often have weaker cybersecurity defenses than some of the highly secure companies they support. Both Microsoft and Roblox have experienced similar targeted breaches of customer support agent accounts that led to access to internal systems.
According to Bradbury, in the case of Okta, the Lapsus$ hacker was on the Sitel network for five days, from January 16 to 21, 2022, until the hacker was detected and removed from the network.
Okta faced considerable criticism from across the security industry over its handling of the breach and for delaying customer notifications by months, with customers learning of it at the same time as the news was reported on social media. According to Bradbury, Sitel commissioned an unnamed forensic company to investigate, and the investigation ended on March 10. The report was handed over to Okta a week later, on March 17.
“I’m very disappointed in the long period from notification to Sitel to the issuance of a complete research report,” Bradbury said, adding that Okta should have acted faster to understand the meaning of the report.
However, an email from a Sitel representative disputed how Okta characterized the report, saying the security breach “did not affect the traditional Sitel Group’s system or network” and affected only the traditional Sykes network. (The Sitel representative declared the email “off the record”, which requires both parties to agree to the terms in advance. The reply is being printed because there was no opportunity to decline.) The following was added to the email. It is the cause of a security breach of the client’s system or network on the traditional Sykes or Sitel Group side. The email stated that Sitel had no evidence of a data breach, but the company did not reveal whether it had any means, such as logs, to identify what the attacker had accessed or stolen. Sitel did not appoint a forensic company to investigate the breach.
A previous statement by Sitel spokesperson Rebecca Sanders said: “We cannot comment on our relationship with any particular brand or the nature of the services we provide to our clients.”
Okta has not yet answered TechCrunch’s question about the breach.