Recent cyber intrusions at network giant Cloudflare and digital vault company 1Password were linked to a breach in Okta’s customer support unit. Both firms confirmed the link but emphasized that their user data remained unaffected.
1Password’s CTO, Pedro Canahuati, elaborated in a blog post that they had swiftly stopped the suspicious activity and ensured that user data and other critical systems weren’t compromised. He asserted that the breach was a consequence of issues with Okta’s support system, a claim also reported by Ars Technica.
Okta, a leading single sign-on service provider, announced that hackers infiltrated its customer support segment, extracting files intended for technical diagnostic purposes. These files contained potential digital keys, such as cookies and session tokens, that could allow a perpetrator to mimic user profiles.
Vitor De Souza, Okta’s spokesperson, stated that this breach impacted roughly 1% of its corporate client base, translating to about 170 entities.
1Password’s internal report outlined how hackers utilized a session token acquired from a file, previously uploaded to Okta’s support system by their IT personnel. This token permitted unauthorized entry into 1Password’s Okta dashboard without a password or a second authentication step. This breach was discovered on September 29, but Okta disclosed it two weeks later.
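The token in this incident came from a diagnostic file uploaded to a support system. As an added example (not from the original article, nor from Okta, 1Password or Cloudflare), the code below redacts session material from such a file before upload, assuming the file is a browser HAR capture in JSON, a format the article does not name; the name lists and the sample capture are constructed for illustration.

```python
import json

# Names that commonly carry session secrets (an assumed, non-exhaustive list).
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "x-csrf-token"}
SENSITIVE_PARAMS = {"token", "access_token", "id_token", "session", "sid", "password"}
REDACTED = "[REDACTED]"


def _scrub(pairs, sensitive):
    """Redact values whose name is in `sensitive` (None means redact all)."""
    hits = 0
    for pair in pairs or []:
        if sensitive is None or pair.get("name", "").lower() in sensitive:
            pair["value"] = REDACTED
            hits += 1
    return hits


def sanitize_har(har):
    """Redact cookies, auth headers, token params and bodies in place; return count."""
    hits = 0
    for entry in har.get("log", {}).get("entries", []):
        for side, body_key in (("request", "postData"), ("response", "content")):
            msg = entry.get(side) or {}
            hits += _scrub(msg.get("headers"), SENSITIVE_HEADERS)
            hits += _scrub(msg.get("cookies"), None)  # every cookie value goes
            hits += _scrub(msg.get("queryString"), SENSITIVE_PARAMS)
            body = msg.get(body_key) or {}
            hits += _scrub(body.get("params"), SENSITIVE_PARAMS)
            if "text" in body:  # raw bodies can repeat the same secrets
                body["text"] = REDACTED
                hits += 1
            if "?" in msg.get("url", ""):  # query survives, scrubbed, in queryString
                msg["url"] = msg["url"].split("?", 1)[0]
    return hits


# Constructed sample capture; every host and token value below is made up.
SAMPLE_HAR = {"log": {"entries": [{
    "request": {
        "url": "https://idp.example.test/app?token=CONSTRUCTED456",
        "headers": [{"name": "Cookie", "value": "sid=CONSTRUCTED123"},
                    {"name": "Accept", "value": "text/html"}],
        "cookies": [{"name": "sid", "value": "CONSTRUCTED123"}],
        "queryString": [{"name": "token", "value": "CONSTRUCTED456"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=CONSTRUCTED789"}],
                 "content": {"text": '{"sid": "CONSTRUCTED789"}'}}}]}}

if __name__ == "__main__":
    print(sanitize_har(SAMPLE_HAR), "values redacted:", json.dumps(SAMPLE_HAR))
```

Redaction before upload limits what a support-system compromise can expose, but any session that was live during the capture should still be signed out afterwards.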
Similarly, Cloudflare verified that they were targeted using a stolen session token. Yet, their Chief Information Security Officer, Grant Bourzikas, pointed out that their system remained inaccessible to the hackers, primarily due to Cloudflare’s advanced hardware security measures.
Another company, BeyondTrust, acknowledged being impacted by the Okta incident. They mentioned in a blog post that they had informed Okta about this breach on October 2. However, they criticized Okta for not recognizing the breach for nearly three weeks.
This isn’t Okta’s first security incident. They experienced a source code theft in December 2022 and an earlier breach in January 2022, in which hackers posted images of Okta’s internal domain.
These revelations led to a significant 11% drop in Okta’s stock price last Friday, erasing over $2 billion from its market valuation. The breach first came to light via renowned security journalist Brian Krebs.