Okta Inc
According to a blog post by Okta, the intrusion originated from a breach in the computer of an employee of customer service firm Sitel, which Okta had contracted. Hackers were able to log in to the computer remotely. However, given the limited nature of Sitel's role in Okta's operations, the computer had little to no access to any significant databases.
"The majority of support engineering tasks are performed using an internally-built application called SuperUser or SU for short, which is used to perform basic management functions of Okta customer tenants," Chief Security Officer David Bradbury said. "This does not provide 'god-like access' to all its users. This is an application built with least privilege in mind to ensure that support engineers are granted only the specific access they require to perform their roles."
The hackers had limited access to Okta's services for part of January until the account's access was suspended. Because of the limited reach of the account, Okta stated that no fixes would be required and that no customers were affected.
"I am greatly disappointed by the long period of time that transpired between our initial notification to Sitel in January, and the issuance of the complete investigation report just hours ago," Bradbury commented.
While not associated with the ongoing war, the hack comes amid an atmosphere of growing cybersecurity woes amid the Russian invasion of Ukraine. While the hack was comparatively small compared to others, and security/access companies are enjoying a bit of a boost on Wall Street, the weeks-long period before Okta learned of the breach likely made investors anxious. Okta shares were down 17.28% for the week at market close on Thursday.
