Okta, a cloud software company, announced in January of 2022 they detected an unsuccessful attempt to compromise the account of one of their third-party customer support engineers. They altered the third-party provider to the situation. They also suspended the individual’s account and terminated their active sessions.

A thorough analysis was performed to determine the extent of the exposure. Okta determined about 2.5% of their customers may have had their data acted upon or viewed as a result of this vulnerability—known as LAPSUS$. They followed up with these customers directly through email.

How Has LAPSUS$ Impacted AutoRABIT?

We have conducted a thorough analysis across all of our products and platforms to determine our susceptibility to the LAPSUS$ vulnerability.

We have determined that all AutoRABIT SAAS instances were not impacted and remain secure.

The AutoRABIT Defense Strategy

AutoRABIT takes data security very seriously. Although we were not impacted by the vulnerability, we have taken the following steps to ensure our platforms—including those of our partners and customers—remain secure.

  • Reviewed stored data in Okta, based on SSO login to our products
  • We have validated log entries for events and did not find suspicious activity.
  • We reached out to Auth0, for CodeScan and they confirmed that there is no impact to AutoRABIT.
  • Confirmed the following vulnerable filter options are not in our OKTA configuration:
    • eventType eq “user.mfa.factor.reset_all”
    • eventType eq ”system.api_token.create”

As a precaution we advise all of our clients to reset their credentials for OKTA.

We will continue monitoring the situation moving forward.