“This is really, really bad.” Okta, Microsoft hit by major, troubling breaches.

Late Monday, the LAPSUS$ digital extortion gang used its Telegram channel to publish an increasingly shocking series of posts highlighting its latest exploits.


The posts include what appear to be extensive source code from Microsoft’s Bing search engine, Bing Maps, and the Windows Cortana Virtual Assistant software. And while the potential breach of such a large and security-conscious organization like Microsoft would be newsworthy on its own; the following screenshots caused greater alarm by displaying screenshots showing access to an Okta “super user” account. Access to such an account grants full administrative privileges to Okta’s multi-factor authentication platform, and therefore likely the entire Identity practice of organizations using Okta to secure user identities.


"There is a nonzero possibility of this being SolarWinds 2.0 … it is indeed quite a big deal”

- Dan Tentler, Phobos Group


Given the substantial market size of companies using Okta for their multi-factor authentication, the concern over this intrusion spread quickly. Using similar tactics, groups have orchestrated attacks like the infamous 2020 Twitter take down where attackers used administrative privileges like the ones shown for Okta to reset target accounts, passwords, associated emails and generally take control and lock the proper users out. When you think about the havoc this could wreak on the central identity provider for multi-national corporations compared being locked out of your Twitter account, the potential ramifications are hard to quantify.


"This is really, really bad.”

-Bill Demirkapi, Independent Security Researcher


Both Microsoft and Okta are aware of the claims but have not commented other than to point out that data on the Okta-related screen shots indicate they were taken in January 2022.

We will keep an eye on this story as it continues to develop and keep the updates coming your way.


Does this week’s news have you rethinking your current identity practice?


Are you ready to look into the differences between next-generation Trusted Passwordless MFA™ and legacy MFA that is struggling to adapt to an ever-changing world?


Reach out to John Devins from our Development team at john.devins@softwarfare.com to set up some time to see a demonstration of our solutions and to learn more.


Want to go a little deeper into this latest Lapsu$ attack? Check out the following:

https://www.wired.com/story/okta-hack-microsoft-bing-code-leak-lapsus/

https://www.wired.com/story/okta-hack-customers-lapsus-breach/

https://www.reuters.com/technology/authentication-services-firm-okta-says-it-is-investigating-report-breach-2022-03-22/