Skip to main content
  1. Home
  2. Computing
  3. News

Microsoft hacker LAPSUS$ just claimed yet another victim

Add as a preferred source on Google

LAPSUS$, the group behind the unprecedented Nvidia hack, has successfully infiltrated another company, digital security authentication firm Okta.

A cybersecurity incident was confirmed to have occurred in January, with the investigation from a forensics firm revealing that a hacker did indeed gain access to an Okta support engineer’s laptop for a full five days.

A person inputs code into a system.
Image used with permission by copyright holder

The consequences for the latest victims of LAPSUS$ can’t be understated: Okta’s service is used by some of the world’s biggest companies, including FedEx and T-Mobile. Government agencies such as the Federal Communications Commission also rely on its authentication technology.

Recommended Videos

In a statement, Okta stressed that only a minor percentage of its customers were affected.

“After a thorough analysis of these claims, we have concluded that a small percentage of customers – approximately 2.5% – have potentially been impacted and whose data may have been viewed or acted upon.”

Okta’s latest comments come after LAPSUS$ released several photos on its Telegram channel containing sensitive information pertaining to the breach.

Okta’s response to the incident prompted a stern reaction from some, including Dan Starner, an infrastructure software engineer at Salesforce. As initially reported by VentureBeat, Starner tweeted:

I said last night this was very, very bad.

Today I trusted @okta and thought it was okay.

Now I know it’s very, very bad and that I don’t trust @okta anymore. Security is hard and breaches happen, but lying by omission is worse than telling us our data may be compromised. https://t.co/TjaXt08RKc

— Dan Starner (@danstarner.bsky.social) (@dan_starner) March 23, 2022

Bill Demirkapi, an independent security researcher, also offered his thoughts on the situation, as reported by Reuters:

“In my opinion, it looks like they’re trying to downplay the attack as much as possible, going as far as directly contradicting themselves in their own statements.”

LAPSUS$ said on its Telegram channel that its “focus was ONLY on Okta customers,” as opposed to the company itself. It also added that “the potential impact to Okta customers is NOT limited.”

“I’m pretty certain resetting passwords and [Multifactor authentication] would result in complete compromise of many clients systems,” the hacking group stated.

This is our 3rd attempt at sharing the 5th – 8th photo. LAPSUS$ displayed a lot of sensitive information and/or user information, so much so we end up missing to censor some.

Photos 5 – 8 attached below. pic.twitter.com/KGlI3TlCqT

— vx-underground (@vxunderground) March 22, 2022

Elsewhere, Okta spokesperson Chris Hollis stressed in an earlier statement to The Verge that the attack was confined to the activity initially detected in January. However, LAPSUS$ asserted that it had access to the “Superuser/Admin” account for two months. To that end, the group said Okta was apparently storing Amazon Web Services (AWS) keys within Slack channels.

Okta is not the only high-profile company LAPSUS$ has targeted this week. Software giant Microsoft also confirmed that a malicious threat actor managed to gain “limited access” to its systems. As a result, the source codes for both Cortana and search engine Bing were reportedly leaked.

Previously, LAPSUS$ leaked the source code for Nvidia’s proprietary DLSS code, which was a part of a larger 1TB hack.

Zak Islam
Former Contributor
Zak covers the latest news in the technology world, particularly the computing field. A fan of anything pertaining to tech…
I hope Apple keeps the MacBook Neo away from the AI hype and preserves its true identity
The cheapest MacBook beats the cheapest AI MacBook.
Computer, Electronics, Laptop

If there's one thing that has disrupted consumer tech economics over the last year while changing how we understand and recommend products, it's the ever-rising cost of memory and chips. 

The desperate need to scale up AI infrastructure has pushed major manufacturers to prioritize enterprise demand, leaving everyday consumers with far fewer choices. Those available cost significantly more than they did a year ago.

Read more
I let Radial menu take over my Mac, and I’m never going back
One mouse jiggle, endless shortcuts. My Mac has never felt this fast.
Radial app running on Mac

I have been testing Radial for the past week, and it's quickly become one of those apps I didn’t know how I could live without. It's a radial menu for macOS that puts your shortcuts, scripts, and automations right where your cursor is, so you never have to go hunting through menus to find what you need.

The app just received its 5.0 update, adding AI actions powered by Claude, window layouts, variables, a redesigned settings interface, a new Atmosphere background effect, and a squircle menu shape. I got to try most of these, and here's what I found.

Read more
Android desktop mode made me miss my laptop in record time
I tried writing and publishing from Google’s phone-to-monitor setup, and the future of mobile computing immediately started sweating.
Computer, Electronics, Laptop

Android 17 desktop mode has a very simple pitch. Plug your phone into a monitor, add a keyboard and mouse, and watch the slab in your pocket pretend to be a computer. I wanted to give that pitch a fair shot, so I tried using it for an actual workday instead of a cute demo.

The goal was boring on purpose: write an article, edit it, build the page in WordPress, upload whatever needed uploading, and publish the thing without running back to my laptop like a coward.

Read more