1Password discloses security incident linked to Okta breach

Trending 1 month ago
  1. Home
  2. Technology
  3. 1Password discloses security incident linked to Okta breach

1Password

1Password, a celebrated password guidance level utilized by complete 100,000 businesses, suffered a information incident aft hackers gained entree to its Okta ID guidance tenant.

"We detected suspicious activity connected our Okta lawsuit related to their Support System incident. After a thorough investigation, we concluded that nary 1Password personification information was accessed," sounds a very brief security incident notification from 1Password CTO Pedro Canahuati.

"On September 29, we detected suspicious activity connected our Okta lawsuit that we usage to negociate our employee-facing apps."

"We instantly terminated nan activity, investigated, and recovered nary discuss of personification information aliases different delicate systems, either employee-facing aliases user-facing."

On Friday, Okta disclosed that threat actors breached its support lawsuit guidance system using stolen credentials.

As portion of these support cases, Okta routinely asks customers to upload HTTP Archive (HAR) files to troubleshoot customer problems. However, these HAR files incorporate delicate data, including authentication cookies and convention tokens that tin beryllium utilized to impersonate a valid Okta customer.

Okta first learned of nan breach from BeyondTrust, who shared forensics information pinch Okta, showing that their support statement was compromised. However, it took Okta complete 2 weeks to corroborate nan breach.

Cloudflare besides detected malicious activity connected their systems connected October 18th, 2 days earlier Okta disclosed nan incident. Like BeyondTrust, nan threat actors utilized an authentication token stolen from Okta's support strategy to pivot into Cloudflare's Okta lawsuit and summation Administrative privileges.

1Password breach linked to Okta

In a study released Monday afternoon, 1Password says threat actors breached its Okta tenant utilizing a stolen convention cooky for an IT employee.

"Corroborating pinch Okta support, it was established that this incident shares similarities of a known run wherever threat actors will discuss ace admin accounts, past effort to manipulate authentication flows and found a secondary personality supplier to impersonate users wrong nan affected organization," sounds the 1Password report.

According to nan report, a personnel of nan 1Password IT squad opened a support lawsuit pinch Okta and provided a HAR record created from nan Chrome Dev Tools.

This HAR record contains nan aforesaid Okta authentication convention utilized to summation unauthorized entree to nan Okta administrative portal.

Using this access, nan threat character attempted to execute nan pursuing actions:

  • Attempted to entree nan IT squad member's personification dashboard, but was blocked by Okta.
  • Updated an existing IDP (Okta Identity Provider) tied to our accumulation Google environment.
  • Activated nan IDP.
  • Requested a study of administrative users

1Password's IT squad learned of this breach connected September 29 aft receiving a suspicious email astir nan requested administrative study that was not charismatic requested by employees.

"On September 29, 2023 a personnel of nan IT squad received an unexpected email notification suggesting they had initiated an Okta study containing a database of admins," explained 1Password successful nan report.

"Since then, we’ve been moving pinch Okta to find nan first vector of compromise. As of precocious Friday, October 20, we’ve confirmed that this was a consequence of Okta’s Support System breach," Canahuati said.

However, location appears to beryllium immoderate disorder astir really 1Password was breached, arsenic Okta claims that their logs do not show that nan IT employee's HAR record was accessed until aft 1Password’s information incident.

1Password states that they person since rotated each of nan IT employee's credentials and modified their Okta configuration, including denying logins from non-Okta IDPs, reducing convention times for administrative users, tighter rules connected MFA for administrative users, and reducing nan number of ace administrators.

BleepingComputer contacted 1Password pinch further questions astir nan incident, but a reply was not instantly available.

Related Article

Russian military hackers target NATO fast reaction corps

Russian military hackers target NATO fast reaction corps

8 hours ago
23andMe updates user agreement to prevent data breach lawsuits

23andMe updates user agreement to prevent data breach lawsuits

9 hours ago
Windows 11 Notepad gets a built-in character counter, finally

Windows 11 Notepad gets a built-in character counter, finally

10 hours ago
WordPress fixes POP chain exposing websites to RCE attacks

WordPress fixes POP chain exposing websites to RCE attacks

10 hours ago
Russian pleads guilty to running crypto-exchange used by ransomware gangs

Russian pleads guilty to running crypto-exchange used by ransomware gangs

13 hours ago
UK and allies expose Russian FSB hacking group, sanction members

UK and allies expose Russian FSB hacking group, sanction members

13 hours ago

Trending

1. Baldur's Gate 3
2. Brenda Lee
3. Lakers vs Pelicans
4. Copa America 2024
5. Forest Whitaker
6. Ezekiel Elliott
7. Benny Blanco
8. Bucks
9. Steelers
10. Nebraska volleyball

Popular Article

Dell XPS 15 is still at its Black Friday and Cyber Monday price

Dell XPS 15 is still at its Black Friday and Cyber Monday price

20 hours ago
The Game Awards 2023: Here’s the complete list of winners

The Game Awards 2023: Here’s the complete list of winners

6 hours ago
Belgian man charged with smuggling sanctioned military tech to Russia and China

Belgian man charged with smuggling sanctioned military tech to Russia and China

23 hours ago
Microsoft's code name for 64-bit Windows was also a dig at rival Sun

Microsoft's code name for 64-bit Windows was also a dig at rival Sun

21 hours ago
Accelerating software delivery while keeping a close check

Accelerating software delivery while keeping a close check

20 hours ago
GitLab admits IT ineptitude in finance reporting is ongoing

GitLab admits IT ineptitude in finance reporting is ongoing

19 hours ago
English (US) English (US) · Indonesian (ID) Indonesian (ID) ·
About Us · Contact Us · Terms & Conditions · Disclaimer ·

©2023 PAK MEDIA BLOG.
All Rights Reserved.