EnergySys and the Okta LAPSUS$ Security Incident

Okta Security Incident Background  

On 22 March 2022, Okta, the identity provider we currently use for authentication, announced a security risk for some users. They have assessed the risk as low, reporting that only 2.5% of users could be affected, all of whom were advised prior to the public announcement. 

In January 2022, they detected an unsuccessful attempt to compromise a customer support engineer account working for a third-party provider. Their investigation identified a five-day period where the attacker had access to a support engineer’s laptop.  

Okta’s most recent update on the incident advises a small percentage of customers (approximately 2.5%) may have been impacted and their data may have been viewed or acted upon. The impact is limited to the access a support engineer has. Namely facilitating password and multi-factor authentication factor resets but not the ability to obtain passwords or user lists.  

Okta advise they have reached out to all customers impacted and have confirmed to us that no EnergySys users were affected. 

Action 

We take security extremely seriously at EnergySys. Despite Okta’s reassurance that none of our users were impacted, and as per our ISO 27001 certified process, we mobilised our Incident Response Team to assess any risk to our users. In particular, any user that changed their password during the incident has been investigated for unusual access patterns, during and since the incident. The outcome of the investigation was that there was no unusual user behavior and no user accounts or information was compromised, and no further action was required. 

We will continue to monitor updates from Okta, and the team will take any action required if the circumstances change. 

Try more from our latest Resources

EnergySys and Quadface Team Up to Deliver Innovation

The EnergySys reseller program is expanding to include Incendo, a New Zealand owned and operated IT services business. The Incendo team have a decade’s worth of experience behind them delivering a vast array of services.  

Overcoming 5 Common Oil & Gas Production Software Migration Challenges

You can overcome these five common oil and gas production software migration challenges by taking an agile approach to planning and execution, selecting a low-code solution and partnering with industry experts.

4 Benefits of Migrating Your Production Management Software to a Low-Code Cloud Platform

Moving your production data, allocating and reporting to a low-code cloud platform like the EnergySys Cloud Platform, gives your organisation adaptability when you need it the most. Let's look at four of the main benefits you'll see when migrating from your legacy software to a low-code cloud platform.

See all