Network and security giant Cloudflare and password manager maker 1Password said hackers briefly targeted their systems following a recent breach of Okta’s support unit.
Both Cloudflare and 1Password said their recent intrusions were linked to the Okta breach, but that the incidents did not affect their customer systems or user data.
“We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing,” said 1Password chief technology officer Pedro Canahuati in a blog post. “We’ve confirmed that this was a result of Okta’s support system breach,” said Canahuati.
Ars Technica first reported that 1Password was affected by Okta’s breach.
Okta, which provides single sign-on technology to companies and organizations, said late on Friday that hackers had broken into its customer support unit and stolen files uploaded by its customers for diagnosing technical problems. These files include browser recording sessions that can contain sensitive user credentials, such as cookies and session tokens, which if stolen can allow hackers to impersonate user accounts.
Okta spokesperson Vitor De Souza told information.killnetswitch that about 1% of its 17,000 corporate customers, or 170 organizations, were affected by its breach.
In an attached report detailing the security incident, 1Password said the hackers used a session token from a file that a member of the IT team had uploaded earlier in the day to Okta’s support unit system for troubleshooting. The session token allowed the hackers to use the IT member’s account without needing their password or two-factor code, granting the hacker limited access to 1Password’s Okta dashboard.
1Password said the incident occurred on September 29, two weeks before Okta went public with details of the incident.
Cloudflare also confirmed in a blog post on Friday that hackers similarly targeted its systems using a session token stolen from Okta’s support unit. Cloudflare’s chief information security officer Grant Bourzikas said Cloudflare’s incident, which began on October 18, resulted in “no access from the threat actor to any of our systems or data,” largely because Cloudflare uses hardware security keys that resist phishing attacks.
This is Okta’s latest security incident, following the theft of some of its source code in December 2022, and an incident earlier in January 2022 in which hackers posted screenshots of Okta’s internal network.
Okta’s stock price dropped more than 11% on Friday, wiping at least $2 billion off the company’s value, following news of the breach, which was first reported by security journalist Brian Krebs.