Search This Blog

Powered by Blogger.

Blog Archive

Labels

Unpacking the Latest Okta Breach, What All You Need to Know

This breach affected a total of 134 customers, potentially compromising sensitive information.
Okta stated on Friday that the recent breach at the digital identity management services provider, which resulted in the targeting of some of its customers, likely occurred when an employee logged into a personal Google account using a company laptop. In this attack, Okta Inc. 134 of its customers' data was compromised, with an additional five targeted in cyberattacks, all stemming from a breach in its technical support system. 

Okta, a company listed on the Nasdaq, offers a cloud platform utilized by businesses for handling login requests to their applications, as well as managing user account information. In the last quarter, Okta reported a revenue of $556 million, marking a 23% increase compared to the corresponding period the previous year. 

In a recent blog post, Okta disclosed that cyberattacks targeting customers such as 1Password, BeyondTrust, and Cloudflare resulted in unauthorized access to internal files. This breach affected a total of 134 customers, potentially compromising sensitive information. 

Additionally, Okta's Chief Security Officer, David Bradbury, provided an account of the breach. The incident came to light after AgileBits Inc., the developer behind the widely-used 1Password password manager, alerted Okta's support team about suspicious activity. Subsequently, two more customers reported similar incidents. Okta promptly launched an investigation, which revealed that hackers had infiltrated a system crucial for processing users' technical support tickets. 

“During our investigation into suspicious use of [an] account, Okta Security identified that an employee had signed in to their personal Google profile on the Chrome browser of their Okta-managed laptop. The username and password of the service account had been saved into the employee’s personal Google account. The most likely avenue for exposure of this credential is the compromise of the employee’s personal Google account or personal device,” wrote Okta’s chief security officer, David Bradbury. 

Okta Security Prior to having their access blocked, the cybercriminals managed to obtain information from 134 customers, as disclosed by Okta. Among the pilfered data were several session tokens, some of which were subsequently employed in cyberattacks against five of Okta's customers. A session token serves as a repository for an application's record of user activities. When these files are stolen, hackers may exploit them to potentially gain unauthorized access to legitimate users' application accounts. 

Notably, one of Okta's customers, the cybersecurity company BeyondTrust Inc., reported that the hackers had utilized a purloined session token to establish an administrator account within their network, although they were unsuccessful in accessing any internal workloads. In response to the recent breach, Okta has implemented several security measures. 

They have instituted a policy prohibiting employees from using personal Google accounts to log into their corporate computers. Additionally, the company has bolstered its breach detection system within the support ticket system. As an extra layer of protection, Okta is introducing a new feature for platform customers, enhancing the security of their administrator accounts.
Share it:

Cyber Threats

Data Breach

Okta breach

Okta securty