Data Breaches Suffered by Microsoft and Okta Following Targeting by Cybercrime Group

Summary:

Microsoft and Okta have both confirmed suffering data breaches after a cybercrime group announced targeting them, but the companies claim impact is limited. A threat group calling itself Lapsus$ announced recently that it had gained access to the source code of Microsoft products such as Bing and Cortana. They leaked nearly 40 Gb of files allegedly belonging to the tech giant. However, Microsoft noted that it does not rely on the secrecy of code as a security measure, and it has assured customers that the exposed code “does not lead to elevation of risk.” The company also pointed out that customer code or data have not been compromised. As for identity and access management company Okta, the Lapsus$ group has not leaked any actual data. Instead, they published several screenshots to demonstrate that they gained access to Okta customer accounts. The screenshots appear to show their ability to reset passwords and access an admin panel with elevated privileges, among others.

Additional Discussion:

Link:

• https://www.securityweek.com/microsoft-okta-confirm-data-breaches-involving-compromised-accounts