Okta’s Breach Causes Ripple Effect: Cloudflare And 1Password Targeted


In the aftermath of a recent breach of Okta’s support unit, network and security giant Cloudflare and password manager maker 1Password have reported being briefly targeted by hackers. Both companies have confirmed that their incidents were connected to the Okta breach, although they have reassured users that their customer systems and user data were not compromised.

Key Takeaway

Okta’s breach has had a ripple effect, leading to targeting and attempted intrusions on Cloudflare and 1Password. While customer systems and user data were not compromised, the incidents highlight the importance of robust security measures in safeguarding against unauthorized access.

1Password’s Chief Technology Officer, Pedro Canahuati, stated in a blog post that they swiftly terminated the activity and conducted an investigation, concluding that no user data or sensitive systems were compromised. Canahuati affirmed, “We’ve confirmed that this was a result of Okta’s support system breach.”

Okta, a provider of single sign-on technology, announced on Friday that hackers had gained unauthorized access to its customer support unit, pilfering files uploaded by Okta’s customers for diagnosing technical issues. These files included browser recording sessions that contained potentially sensitive user credentials, such as cookies and session tokens, which could be exploited by hackers to impersonate user accounts.

According to Okta’s spokesperson, Vitor De Souza, approximately 1% of the company’s 17,000 corporate customers, or 170 organizations, were affected by the breach. This signifies a considerable impact on a substantial customer base.

1Password’s Incident: Unauthorized Account Access

In a detailed report on the security incident, 1Password revealed that the hackers utilized a session token obtained from a file uploaded earlier that day by a member of the IT team to Okta’s support unit system for troubleshooting. This session token enabled the hackers to access the IT member’s account without requiring their password or two-factor code, granting them limited access to 1Password’s Okta dashboard.

1Password disclosed that the incident occurred on September 29, two weeks prior to Okta’s public announcement. The timeframe reveals a delay in Okta’s disclosure of the incident to its affected users and the public.

Cloudflare: Preventing Unauthorized Access

Cloudflare, in its own blog post, confirmed that hackers had similarly targeted its systems using a session token stolen from Okta’s support unit. Chief Information Security Officer Grant Bourzikas assured users that the threat actor was unable to access any of Cloudflare’s systems or data. This was largely due to Cloudflare’s use of hardware security keys, which effectively deter phishing attacks.

BeyondTrust, a security company, also reported being affected by Okta’s breach but promptly shut down the intrusion. In a blog post, BeyondTrust stated that it had notified Okta of the incident on October 2 but accused Okta of not acknowledging the breach for nearly three weeks.
