Lapsus$ hack shows access flaws

In late March, the infamous Lapsus$ hacking group posted a number of concerning messages online. In a series of posts, the group claimed to have obtained Microsoft source code from Bing Maps, Bing search engine, and Cortana. It also posted evidence that it had taken control of an administrator account at Okta, a network authentication provider. Okta provides services for tens of thousands of companies, including FedEx and some local councils. Eventually, it was revealed that Lapsus$ had gained access through a single Okta subcontractor employee’s account with elevated administrator privileges. The attack is another example in the software supply chain access proving a critical security flaw.