Hackers may have entered Lapsus $Okta through password spreadsheet – Computer – News

$Lapsus hackers who hacked security firm Okta earlier this month found a spreadsheet containing passwords held by a subcontractor of the company. Hackers may have entered Okta’s systems through that company, Sitel.

Attackers who have already octa conquered They may have used the passwords they found on Sitel, TechCrunch writes Based on the documents surrounding the hack. These documents provide more details about how the attackers hacked Sitel’s customer service company and got into Okta from there. Okta has outsourced customer service tasks to Sitel. According to the documents, Lapsus hackers hacked $ there on January 21. This happened via a VPN that Sitel used on an old network of parent company Sykes.

The hackers then moved through the Sitel network using remote access services and publicly available hacking tools. This would also hack the Azure environment. Hackers gained access to Sitel’s systems for five days. Then Sitel resets all passwords on the network.

While searching the Sitel network, hackers found a file called DomAdmins-LastPass.xlsx. It could be an export of your LastPass account, according to Techcrunch. Five hours after discovery, the attackers were able to enter Okta’s networks. The hackers also created a backdoor by creating a new user on Sitel Sykes’ parent company’s network, in case they were banned. Although the docs don’t specifically specify whether the passwords in the spreadsheet were used to access Okta, it does match the hack’s timeline.

Octa has now Instructions Sorry for the slow response to the leak. “We made a mistake. Sitel is the service provider that we are ultimately responsible for,” the company wrote. Okta had been aware of the possibility of Settle’s break-in for some time, but hadn’t come up with it. The company now says it believes there will be little risk to customers.