Lapsus$ Breaches

Kim Jennings

Mar 25, 2022

Data extortion group Lapsus$ has breached Microsoft and Okta.

Okta, a leading provider in IAM (identity and access management) solutions made a public statement March 22nd at 10:45am PT that they had not been breached, providing an update later that day at 6:31pm PT that they had in fact been breached and were evaluating the impact on customers.

Lapsus$ provided screenshot in their telegram channel on Tuesday that showed alleged access to Okta’s backend console and customer data.

Co-Founder and CEO Todd McKinnon stated on twitter that the company believed the leaked screenshots to be in connection with a January 2022 event, however there are concerns that Lapsus$ has super user access and could be an ongoing threat as Lapsus$ made the statement “BEFORE PEOPLE START ASKING: WE DID NOT ACCESS/STEAL ANY DATABASES FROM OKTA - our focus was ONLY on Okta customers.


Okta is not the only company Lapsus$ has hit in the last several days with the group also announcing on the 21st that it had breached Microsoft. Lapsus$ claims to have Specifically breached Microsoft’s Internal Azure DevOps server and leaked 37gb of stolen internal source code for projects like Bing and Cortana.


Microsoft confirmed the breach on the evening of March 22nd, stating that one their employees was compromised by Lapsus$ allowing the group to gain access and steal portions of the code. Microsoft has stated that “No customer code or data was involved in the observed activities and found a single account has been compromised, granting limited access”. Microsoft also made the statement “Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.".