March 7, 2026

PBX Science


Okta’s Latest Hacker Attack Involves Cloudflare and 1Password


Major cybersecurity players, Cloudflare and password manager developer 1Password, have revealed that their systems were briefly compromised following a recent breach in Okta’s support department.

Both Cloudflare and 1Password have indicated that these recent breaches are linked to vulnerabilities in Okta, but they have given assurances that the incidents did not affect their customer systems or user data.

 


Pedro Canahuati, Chief Technology Officer at 1Password, stated in a blog post, “We promptly terminated this unusual activity, conducted an investigation, and found no user data or other sensitive systems were compromised, whether employee-facing or user-facing. We have confirmed that this was a result of Okta’s support system vulnerability.”

Okta, a company offering single sign-on technology to businesses and organizations, announced late Friday that hackers had breached their customer support department and stolen files uploaded by customers for diagnosing technical issues. These files included browser session logs that may contain sensitive user credentials, such as cookies and session tokens, which hackers could use to impersonate user accounts.

Okta spokesperson Vitor De Souza stated that approximately 1% of Okta’s 17,000 corporate customers (equivalent to 170 organizations) were affected by the breach.

1Password, in a detailed report on the security incident, revealed that the hackers used session tokens from files that IT team members had uploaded earlier in the day to Okta’s support department for troubleshooting. These session tokens gave the hackers limited access to 1Password’s Okta panel without needing passwords or two-factor codes.
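As an added example (not from the original article, Okta, or 1Password): a small Python scrubber that redacts cookies, authentication headers and token parameters from a browser session log before it is shared with a support desk. It assumes the log is in HAR (HTTP Archive) JSON format, which the article does not name; `sanitize_har`, the name lists and the sample entry are constructed for illustration.

```python
import copy
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "REDACTED"
# Illustrative, non-exhaustive name lists (assumptions); extend them for your identity provider.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "x-csrf-token"}
SENSITIVE_PARAMS = {"token", "access_token", "id_token", "sessiontoken", "password", "code"}

def _scrub_pairs(pairs, sensitive=None):
    """Redact values in a HAR name/value list; sensitive=None redacts every value."""
    for pair in pairs or []:
        if sensitive is None or pair.get("name", "").lower() in sensitive:
            pair["value"] = REDACTED

def _scrub_url(url):
    """Redact sensitive query parameters and drop the fragment, which can carry tokens."""
    parts = urlsplit(url)
    query = [(k, REDACTED if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query), fragment=""))

def sanitize_har(har):
    """Return a deep copy of a parsed HAR dict with credential-bearing fields redacted."""
    har = copy.deepcopy(har)
    for entry in har.get("log", {}).get("entries", []):
        request, response = entry.get("request", {}), entry.get("response", {})
        for message in (request, response):
            _scrub_pairs(message.get("headers"), SENSITIVE_HEADERS)
            _scrub_pairs(message.get("cookies"))  # every cookie value is redacted
        if "url" in request:
            request["url"] = _scrub_url(request["url"])
        _scrub_pairs(request.get("queryString"), SENSITIVE_PARAMS)
        if "postData" in request:  # request bodies may hold passwords or tokens
            request["postData"].update(text=REDACTED, params=[])
        if "text" in response.get("content", {}):
            response["content"]["text"] = REDACTED
    return har

# Constructed sample entry (not taken from any real capture).
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {"method": "GET",
                "url": "https://idp.example.com/home?token=tok-123&tab=users#frag",
                "headers": [{"name": "Cookie", "value": "sid=sess-abc"},
                            {"name": "Accept", "value": "text/html"}],
                "cookies": [{"name": "sid", "value": "sess-abc"}],
                "queryString": [{"name": "token", "value": "tok-123"},
                                {"name": "tab", "value": "users"}]},
    "response": {"status": 200,
                 "headers": [{"name": "Set-Cookie", "value": "sid=sess-new; HttpOnly"}],
                 "cookies": [{"name": "sid", "value": "sess-new"}],
                 "content": {"mimeType": "text/html", "text": "<html>sess-new</html>"}}}]}}
```

Calling `sanitize_har(SAMPLE_HAR)` returns a redacted copy and leaves the input untouched; a name-based scrubber like this misses credentials stored under unexpected names, so sessions captured in a shared log should still be revoked once troubleshooting ends.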

1Password reported that the incident occurred on September 29, two weeks before Okta publicly disclosed details.

In a blog post last Friday, Cloudflare also confirmed that hackers similarly attacked their systems using session tokens stolen from Okta’s support department. Grant Bourzikas, Chief Information Security Officer at Cloudflare, mentioned that the Cloudflare incident began on October 18 and that “the threat actors did not access any of our systems or data” largely because Cloudflare employs hardware security keys to thwart phishing attacks.

Security firm BeyondTrust reported being impacted by the Okta breach as well but promptly mitigated the intrusion. In a blog post, BeyondTrust mentioned that they had notified Okta of the incident on October 2 but criticized Okta for not acknowledging the vulnerability for nearly three weeks.

This marks the latest security incident for Okta following a partial source code theft in December 2022 and the release of internal network screenshots by hackers in January 2022.

After security reporter Brian Krebs first reported on this vulnerability, Okta’s stock price fell by over 11% last Friday, resulting in a loss of at least $2 billion in company value.
