Okta now manages devices of third parties accessing its customer support tools

Share post:

Identity and access management provider Okta says a cyber attacker accessed the data of only two customers, not 366 as originally feared, after the hacking of one computer at a third-party support supplier by the Lapsus$ extortion gang. In a report Wednesday, Okta chief security officer David Bradbury said the January attack on customer support provider Sitel lasted only 25 minutes. “During that limited window of time, the threat actor accessed two active customer tenants within the SuperUser application (whom we have separately notified), and viewed limited additional information in certain other applications like Slack and Jira that cannot be used to perform actions in Okta customer tenants,” he wrote. The threat actor was unable to successfully perform any Okta configuration changes, multifactor authentication password resets or customer support “impersonation” events, Bradbury said. Nor was the attacker able to authenticate directly to any Okta accounts. Among a number of moves being made to improve customer trust, Okta is terminating its relationship with Sykes/Sitel, and will now directly manage all devices of third parties that access its customer support tools. A section entitled “Lessons Learned,” included three categories: 1. Third-party risk management:
  • Okta said it is strengthening its audit procedures of its sub-processors and will confirm they comply with its new security requirements. “We will require that sub-processors who provide Support Services on Okta’s behalf adopt ‘Zero Trust’ security architectures,” the report says, “and that they authenticate via Okta’s IDAM solution for all workplace applications.”
2. Access to customer support systems:
  • Okta will now directly manage all devices of third parties that access its customer support tools, providing the necessary visibility to effectively respond to security incidents without relying on a third party. “This will enable us to significantly reduce response times and report to customers with greater certainty on actual impact, rather than potential impact,” the report said.
  • The company is making further modifications to its customer support tool to restrictively limit what information a technical support engineer can view. These changes also provide greater transparency about when this tool is used in customer admin consoles (via System Log), it said.
3. Customer communications: Okta is reviewing its communications processes and will adopt new systems to communicate more rapidly with customers on security and availability issues. “It pains us,” Bradbury wrote, “that while Okta’s technology excelled during the incident, our efforts to communicate about events at Sitel fell short of our own and our customers’ expectations.” Last month Bradbury admitted that Okta should have moved faster to get the full report from Sitel about the cyberattack. The summary it saw led Okta to initially downplay the attack. It was only when the Lapsus$ gang published screenshots of the customer data it saw did Okta realize the possible problems. The post Okta now manages devices of third parties accessing its customer support tools first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.


Related articles

Socket develops tool to protect developers from npm vulnerabilities

Socket, a security firm, has created a new method for protecting developers from the flaws in npm, GitHub's...

Google spots vulnerabilities in Exynos chips that could affect Androids

Google is urging Android phone owners, such as those who own Samsung, Pixel, or Vivo phones, to take...

Orlando Family Physicians agrees to settle clients affected by data breach

Orlando Family Physicians (OFP) has reached a class action settlement to resolve claims stemming from a 2021 healthcare...

FBI arrests alleged head of BreachForums criminal market

Man arrested in New York state is believed to have run one of the biggest criminal forums in

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways