Recently, the group cybercriminals LAPSUS$ has put several companies in trouble by hacking different data ranging from source code of NVIDIA and Samsung technologies, to the latest attack on authentication services company OKTA, dwhere the attackers gained access to various administrator accounts on their systems with privileges capable of deleting users or modifying virtually any service. Now we have been able to know some details of that attack. Okta has apologized for his mistake of not notifying his clients of the attack. Apparently, as they have explained, the group of attackers (located in South America) managed to get hold of accounts and passwords that an employee of site, Okta clients, saved to an open Excel file without any security. To access them, they used an existing VPN that gave them access to the company’s local network.
DomAdmins-LastPass.xlsx is the name of the file that contained the passwords
The file where the passwords were kept didn’t have a very discreet name either: “DomAdmins-LastPass.xlsx'”. As its name implies, the file contained administrator passwords that had been exported from LastPass, a popular password management service. When the employee account was used to access, Okta detected an access attempt from another location, notified Sitel and they hired a security company, but in no case was it considered that the problem could affect more clients or systems. End of Article. Tell us something in the Comments!
Computer Engineer by training, writer and hardware analyst at Geeknetic since 2011. I love to gut everything that passes through my hands, especially the latest hardware that we receive here to review. In my free time I mess around with 3d printers, drones and other junk. For anything here I am.