Lapsus$, the New CEO of Okta

Hacking group Lapsus$ said in its Telegram channel on Monday that it’d gained privileged access to some of Okta's proprietary data, a single sign-on provider with 15,000 customers, including Peloton, Sonos, T-Mobile and the FCC.

• Okta confirmed Tuesday that ~2.5% of its customers may have been affected in a January 2022 hack.

💻 The deets… Lapsus$ appeared three months ago, and seems to operate out of South America or possibly Portugal, per researchers at security firm Check Point. The group threatens to publicly release the data they access unless the victim pays a hefty ransom – and boy, have they been busy.

• Earlier this year, the group compromised the websites of Portuguese media conglomerate Impresa, tweeting the phrase "Lapsus$ is now the new president of Portugal" from one newspaper's Twitter accounts.
• Last month, the group leaked proprietary info about chipmaker Nvidia online – and then hit Samsung a couple of weeks ago.
• This brings us to Monday, when Lapsus$ posted a BitTorrent link to a file archive that allegedly contained the source code for Bing, Bing Maps and Cortana. Microsoft confirmed the hack in a blog post on Tuesday.

How the group managed to infiltrate these targets (👆) has never fully been clear to the public, but the Okta breach may help explain some of it.

🌐 Zoom out: Global ransomware attacks increased 105% last year, per cybersecurity firm SonicWall, with incidents affecting the world’s largest meat supplier (JBS) and America’s largest fuel pipeline (Colonial Pipeline).