Okta says 366 corporate customers, or about 2.5% of its customer base, were impacted by a security breach that allowed hackers to access the company’s internal network.
The authentication giant admitted the compromise after the Lapsus$ hacking and extortion group posted screenshots of Okta’s apps and systems on Monday, some two months after the hackers first gained access to its network.
The breach was initially blamed on an unnamed subprocessor that provides customer support services to Okta. In an updated statement on Wednesday, Okta’s chief security officer David Bradbury confirmed the subprocessor is a company called Sykes, which last year was acquired by Miami-based contact center giant Sitel.
Customer support companies like Sykes and Sitel often have wide access to the organizations that they support for facilitating customer requests. Malicious hackers have previously targeted customer support companies, which often have weaker cybersecurity defenses than some of the highly-secured companies that they support. Microsoft