Lat week we reported on the quick change in Okta’s stance on a January security incident that turned out to be much larger and have the volatile hacking group Lapsus$ behind it. The original disclosure was that a single third-party contractor account had an unsuccessful attempt to compromise Okta’s systems. Okta states that they turned over information around the incident to Sitel, the third-party that provides customer support. Once this was done, Okta basically washed their hands of it and sat back waiting to hear what Sitel found.

On the 22nd of March Okta finally confirmed that they were breached in January for a period of 5 days. The breach, according to information now disclosed, happened due to the compromise of an account of a support engineer. The compromised user was not an Okta employee but belonged to a third party engineer working for Sitel. This event was downplayed by Okta as they claimed only the account was impacted and no clients were known to be exposed at the time.

Once again Google has been caught with their hands in the personal data collection cookie jar. It seems that their Messages and Phone Dialer Apps were sending information about your calls and messages without giving the user any chance to opt-out of this data collection. They also perform this data collection without any user notification at all.

Microsoft has finally acknowledged the attack and theft of source code by the Lapsus$ group (tracked as DEV-0537). According to the announcement, a single user account was compromised to gain limited access to their systems and source code. The public confirmation which Microsoft published late Tuesday (March 22, 2022) not only includes details about the attack on Microsoft, but also some detailed information about the TTPs (tactics, techniques, and procedures) used by the group.