In March 2022, Okta revealed that LUPSUS$ stole and leaked some of their customers’ information online. While the incident is over for Okta, understanding the extent of the damages and how they occurred can help other companies determine how to protect themselves and their clients.

Hacking Incident Overview 

While the security breach impacted Okta and its customers, the incident involved three parties: 

  • Okta: Okta provides identity management services that allow users to apply a single password to all their accounts along with a one-time code. This system aims to promote higher levels of security. They were the targeted organization in this incident. 
  • LUPSUS$: LUPSUS$ is a hacking organization formed only months before the incident. Sources have been unable to identify who is behind it, though there is a lot of speculation. They are targeting technology companies like Okta and others and seem to prefer data theft and ransom.
  • Sitel: Sitel offers technical customer support services for larger companies, working as a third-party contractor or supplier. During the security breach, they worked with Okta’s clients, offering support. 

In January 2022, LUPSUS$ gained access to Okta account information by remotely connecting to a Sitel employee’s laptop. They used several tools to go undetected in the system, disabling Sitel’s security systems for them to steal information continually. Going undetected for almost five days, the organization collected the password and codes for 366 Okta customer accounts

At the end of their theft, Sitel systems did detect suspicious activity, leading them to alert all customers they work for. Narrowing it down to Okta’s account, they reached out to the company. Because LUPSUS$ disabled security systems, both companies underestimated the scope and damage of the Okta hack. 

In March 2022, Okta received a full security report from Sitel after an investigation, and LUPSUS$ posted the stolen information online only days later, confirming their involvement. 

Who Else Has Been Affected by LAPSUS$? 

Several tech companies have experienced data breaches from LAPSUS$, including some large-name technology brands: 

  • Microsoft: LAPSUS$ stole source code for various Microsoft projects, such as Bing, Bing Maps and Cortana. Microsoft confirmed these details and the hacker organization’s involvement. 
  • Samsung: Samsung reported that a hacker stole the source code for their Galaxy devices. While they confirmed the data theft, they have yet to announce whether LAPSUS$ is responsible or if these are just rumors. 
  • T-Mobile: T-Mobile experienced several security breaches resulting in source code stolen from multiple projects.
  • Nvidia: The chip manufacturing company has valuable company information leaked by LAPSUS$. There are additional rumors that ransom is at play, but Nvidia has yet to confirm.

Even though the hacking organization is young, they have reached some well-known and advanced technical companies, building a reputation for itself. 

How Do Hacks Like This Happen? 

The organization seems to have a strategy that uses contractors or third-party companies to reach larger company information. Because tech companies usually have more comprehensive cybersecurity systems, they are more difficult for hackers to breach. The Okta hack highlights where these companies might be vulnerable — their smaller third-party partners with less comprehensive protection.

By going through partnering companies, hackers like LAPSUS$ can find loopholes or less protected contact points, giving them access to bigger names like Microsoft and Samsung. 

Technology experts say the issue lies in company and third-party communication. Many companies require external partners to sign an agreement saying they have adequate cybersecurity measures and comply with industry standards. Because this only requires partners to sign contracts, they don’t have to prove they have protection or that it is up-to-date. 

Requiring potential partners to show what security features they have can help protect larger technology companies that want to keep their sensitive data safe while outsourcing functions like customer support.

Who Is Vulnerable to Security Breaches? 

All companies are vulnerable to security breaches, large or small. While smaller companies may lack the support and funding to invest in comprehensive protection, larger companies are attractive targets for groups like LAPSUS$ for their greater amounts of information and vital codes. Attackers can attach higher ransoms to bigger companies, knowing they might have the resources and budget to meet their demands. 

What makes companies truly vulnerable to security breaches and cyberattacks is the lack of protection. Implementing strong security habits can help lower the risk of loopholes and entry points where hackers like LAPSUS$ can gain access to your networks and data. 

How Can Companies Prevent Hacks From Occurring? 

You can protect your company from hacks and breaches by following smart cyber hygiene tips and creating a comprehensive security system, in addition to holding all partners to your industry and company standards. Communicating with your partners and enforcing stricter compliance can help prevent breaches like Okta’s hack. 

Some ways to strengthen cybersecurity at your company include: 

  • Educating your employees: LUPSUS$ targeted a specific employee’s laptop to access Okta’s data. While companies need quality protection, many attacks result from poor individual habits and a lack of awareness. Promote the importance of strong passwords and two-step authentication, and teach about the dangers of public Wi-Fi, phishing and potentially dangerous websites. 
  • Using zero trust access (ZTA): The ZTA model is a way of protecting information by strictly controlling user access. Under this system, users need explicit access confirmation. It works great for companies with remote workers because it can differentiate between company employees and potential hackers. 
  • Segmenting networks and redundancy: Network segmentation is an excellent option for companies with many public applications. You can place your public-facing processes on a separate network, allowing you to secure more private information and protect it from hackers. Redundancy copies data several times across networks and servers, safeguarding it in the event of theft or network and server failure.
  • Investing in the right tools: Using quality tools can protect your business and its information. At Optimum IdM, we offer a B2B identity authentication feature — the OptimalCloud™ Agentless B2B Desktop Single Sign-On (DSSO). This tool allows your clients to log in once and automatically access all their approved applications for increased efficiency, user experience and security. You can protect your company and its third-party members from attacks from hackers like LAPSUS$.

Secure Your Business With Optimum IdM

Learning about Okta and Sitel’s experience with LAPSUS$ can be a wake-up call for many companies about the importance of cybersecurity. As businesses understand more about hackers and their tactics, they should update security habits to reflect their needs. 

Optimum IdM is the leading provider of identity and access management solutions. We understand how essential cybersecurity is, and we pride ourselves on developing solutions that strengthen your protection while enhancing efficiency, ensuring compliance and reducing costs. 

Contact Optimum IdM today and discover how we can help secure your business. 



  • The database in which all of your organization’s sensitive identity data is stored.
  • A digital ledger in which digital transactions are recorded chronologically and publicly.
  • Securely managing customer identity and profile data, and controlling customer access to applications and services.
  • The means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
  • A legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU.
  • The policy-based centralized orchestration of user identity management and access control.
  • An authentication infrastructure that is built, hosted and managed by a third-party service provider.
  • A security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.
  • A global provider of innovative and affordable identity access management solutions. 
  • Managing and auditing account and data access by privileged users.
  • Tools and technologies for controlling user access to critical information within an organization.
  • An authentication process that allows a user to access multiple applications with one set of login credentials.