Microsoft and Okta Confirm Breaches by Lapsus$ Hacking Crew

Ivana Vojinovic

March 25, 2022


On March 22, Microsoft officially confirmed that Lapsus$, a data extortion hacking group, managed to get limited access to its systems. 

The confirmation came after Lapsus$ announced on March 20 that it had gained access to source code for Cortana, Bing, and projects stored on the Azure DevOps server, posting a screenshot of the Azure DevOps leak on its Telegram account, which has over 33,000 subscribers.

The following day, Lapsus$ posted a torrent file with a 9-GB 7zip archive. It contained 37 GB of alleged source code from Microsoft and internal project documentation and emails. Microsoft’s cybersecurity researchers reviewed this archive and confirmed that the company’s internal source code leaks were legitimate.

On that same day, March 21, Lapsus$ made it publicly known that it had gained access to an Okta administrative account via a support engineer’s laptop, jeopardizing 2.5% of Okta’s customers and their data. The extortion group published this news as a series of screenshots via its Telegram account. Lapsus$’s claim has since been confirmed in a statement by Okta’s chief security officer David Bradbury.

Okta is a large identity and access management platform that provides fast and secure authentication services to thousands of corporate clients; however, due to the potential severity of this breach, many companies have considered distancing themselves from Okta. Cloudflare, which uses Okta’s services for internal employee identification, launched an investigation of the Okta breach to determine whether its own customers had been compromised by the attack.

Digital extortion group Lapsus$ emerged in December 2021. It soon attracted the attention of cybersecurity experts by managing to steal valuable data from large companies such as Samsung, Ubisoft, Nvidia, Vodafone, and Mercado Libre. Its hackers rely on phishing to fool victims and on bribing corporate insiders for access. The rise of similar malicious parties is, for many, a sign that companies and individuals alike need to invest more in data loss prevention software and other cybersecurity tools.
