"WASHINGTON, March 22 (Reuters) - Authentication services provider Okta Inc is investigating a report of a digital breach, the company said on Tuesday, after hackers posted screenshots showing what they claimed was its internal company environment. A hack at Okta could have major consequences because thousands [15,000+] of other companies rely on the San Francisco-based firm to manage access to their own networks and applications... The screenshots were posted by a group of ransom-seeking hackers known as LAPSUS$ on their Telegram channel late on Monday. In an accompanying message, the group said its focus was 'ONLY on Okta customers.'..." https://www.reuters.com/technology/...it-is-investigating-report-breach-2022-03-22/
"'This Is Really, Really Bad': Lapsus$ Gang Claims Okta Hack Lapsus$ leaking Microsoft source code would be bad enough. Breaching Okta could prove much, much worse..." https://www.wired.com/story/okta-hack-microsoft-bing-code-leak-lapsus/
"Okta Confirms 2.5% of Customers Impacted by Lapsus Breach... The authentication firm’s chief security officer, David Bradbury, said 2.5% of its estimated 15,000+ customers were potentially affected by the breach and that their data 'may have been viewed or acted upon.'..." https://www.infosecurity-magazine.com/news/okta-25-customers-impacted-lapsus/
"Teen Suspected by Cyber Researchers of Being Lapsus$ Mastermind... Cybersecurity researchers investigating a string of hacks against technology companies, including Microsoft Corp. and Nvidia Corp., have traced the attacks to a 16-year-old living at his mother’s house near Oxford, England..." https://www.bloomberg.com/news/arti...hers-of-being-lapsus-mastermind?sref=ylv224K8
I got this news on my feed also, via Brian Krebs. Never expected a 17 year old (or as some reported: 16-yr. old). Here's some more if anyone is interested: https://twitter.com/jeffstone500/status/1507010301694152714
"Lapsus$ hackers are "back from vacation" as Globant hit... The Lapsus$ hacking group appears to have struck again, with the latest victim is Globant - a software development company from Luxembourg. The group has said it is 'back from vacation', and posted a 70GB torrent file on its Telegram channel, claiming the dump contains Globant’s customer source code, among other items. The company’s customers include Google, LinkedIn, EA, and Coca-Cola, among others..." https://www.techradar.com/news/lapsusdollar-hackers-are-back-from-vacation-as-globant-hit
https://www.bleepingcomputer.com/ne...teenagers-linked-to-the-lapsus-hacking-group/ excerpt: "Two teenagers from the UK charged with helping the Lapsus$ extortion gang have been released on bail after appearing in the Highbury Corner Magistrates Court court on Friday morning. According to a statement from Detective Inspector Michael O'Sullivan of the City of London Police, a 16-year-old and a 17-year-old were charged following an international investigation into members of a hacking group. "Both teenagers have been charged with: three counts of unauthorised access to a computer with intent to impair the reliability of data; one count of fraud by false representation and one count of unauthorised access to a computer with intent to hinder access to data," O'Sullivan said. "The 16-year-old has also been charged with one count of causing a computer to perform a function to secure unauthorised access to a program." While the UK police detective didn't name the gang the two teens worked for, a BBC report linked them to the Lapsus$ group today and said they were released on bail, "subject to certain conditions."'
I still can't believe that teenagers were able to hack these companies. It does make you wonder how many other companies in the world are getting owned by even more experienced hackers. But I'm sure these guys will eventually be offered jobs, just like they did with Kevin Mitnick for example.
Here we go again, now Okta's source code has been stolen via GitHub. And companies like Okta and Twilio are supposed to keep computer networks safe from hackers? https://www.bleepingcomputer.com/ne...code-stolen-after-github-repositories-hacked/