2023-10-24 11:55:04
The popular password manager 1Password announced yesterday that it had identified a security incident, attributed to a breach of the support case management system of Okta, the identity provider, a breach that also affected hundreds of other services.
A statement was released by 1Password's CTO (Chief Technology Officer), Pedro Canahuati, in which the main facts of the situation were highlighted:
On September 29, we detected suspicious activity on our Okta instance, which we use to manage our employee-facing applications. We immediately terminated the activity, investigated and did not find any compromise of user data or other sensitive systems, for either employees or users.
Okta, in turn, announced last Friday (10/20) that its support case management system had been breached using stolen credentials. It is believed that an IT employee may have been involved in the breach.
More precisely, according to 1Password's internal report on the incident [PDF], attackers were able to gain access to its Okta system using a session cookie stolen from an IT employee. The cookie may have been obtained from an HTTP Archive (HAR) file; such files include sensitive data such as authentication cookies and tokens that can be used to impersonate a real customer.
Okta's support team corroborated this, and it has been established that the incident shares similarities with a known campaign in which threat actors compromise super administrator accounts and then attempt to manipulate authentication flows and establish a secondary identity provider in order to impersonate users within the affected organization.
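The report's point about HAR files is worth making concrete: a browser-exported HAR records every request header, cookie and query parameter verbatim, so a file shared with a support desk can carry a live session. The sanitizer below is an added example, not code from 1Password, Okta or the article, and it works on a constructed HAR document embedded inline; the header and parameter names it treats as sensitive are a generic, assumed list that a team would extend for its own applications. It blanks authentication headers, every cookie value, and token-like query parameters (both in the `queryString` array and in the request URL itself) before the file leaves the machine.

```python
import copy
import json
import sys
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "REDACTED"

# Assumed, generic lists; extend for application-specific headers and parameters.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization", "x-api-key", "x-csrf-token"}
SENSITIVE_PARAMS = {"token", "access_token", "id_token", "refresh_token", "code"}

# Constructed minimal HAR 1.2 document (not taken from the incident) containing the kind
# of material a browser export would carry: a session cookie, a bearer token, a token in the URL.
SAMPLE_HAR = {
    "log": {
        "version": "1.2",
        "creator": {"name": "constructed-example", "version": "0"},
        "entries": [{
            "request": {
                "method": "GET",
                "url": "https://sso.example.com/api/session?token=abc123",
                "headers": [
                    {"name": "Cookie", "value": "sid=SESSION-COOKIE-VALUE"},
                    {"name": "Authorization", "value": "Bearer SECRET-TOKEN"},
                    {"name": "Accept", "value": "application/json"},
                ],
                "cookies": [{"name": "sid", "value": "SESSION-COOKIE-VALUE"}],
                "queryString": [{"name": "token", "value": "abc123"}],
            },
            "response": {
                "status": 200,
                "headers": [
                    {"name": "Set-Cookie", "value": "sid=NEW-SESSION; HttpOnly"},
                    {"name": "Content-Type", "value": "application/json"},
                ],
                "cookies": [{"name": "sid", "value": "NEW-SESSION"}],
            },
        }],
    }
}


def _redact_pairs(pairs, sensitive_names):
    """Blank the value of every {name, value} pair whose name is in the sensitive set."""
    count = 0
    for item in pairs:
        if item.get("name", "").lower() in sensitive_names and item.get("value") != REDACTED:
            item["value"] = REDACTED
            count += 1
    return count


def _redact_url(url):
    """Rewrite the query string of a URL, blanking token-like parameters."""
    parts = urlsplit(url)
    if not parts.query:
        return url, 0
    count = 0
    cleaned = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE_PARAMS and value != REDACTED:
            value = REDACTED
            count += 1
        cleaned.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(cleaned))), count


def redact_har(har):
    """Return a sanitized deep copy of a parsed HAR and the number of values redacted.

    The input is never modified, so the caller can diff original and sanitized copies.
    """
    clean = copy.deepcopy(har)
    count = 0
    for entry in clean.get("log", {}).get("entries", []):
        for section in ("request", "response"):
            part = entry.get(section, {})
            count += _redact_pairs(part.get("headers", []), SENSITIVE_HEADERS)
            # Every cookie value is a credential of some kind; blank them all.
            for cookie in part.get("cookies", []):
                if cookie.get("value") != REDACTED:
                    cookie["value"] = REDACTED
                    count += 1
            count += _redact_pairs(part.get("queryString", []), SENSITIVE_PARAMS)
        request = entry.get("request", {})
        if "url" in request:
            request["url"], url_count = _redact_url(request["url"])
            count += url_count
    return clean, count


if __name__ == "__main__":
    # Usage: python redact_har.py capture.har > capture.sanitized.har
    source = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_HAR
    sanitized, total = redact_har(source)
    json.dump(sanitized, sys.stdout, indent=2)
    print(f"\n# {total} value(s) redacted", file=sys.stderr)
```

Running the sanitizer a second time over its own output redacts nothing further, which is a cheap way to confirm in a pre-upload check that a file is already clean. Redacting rather than deleting keeps the request structure intact, so the support engineer still sees which headers and cookies were present without receiving their values.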
1Password suspects that the attackers carried out “initial reconnaissance”, intending to remain undetected while collecting information for a possible more sophisticated attack later.
In response to the incident, the company said it rotated all IT employee credentials and modified its Okta configuration to reduce session time for administrative users, as well as creating stricter rules and reducing the number of super administrators.
Although the incident did not affect the end users of the services (at least not as far as is known so far), the case serves as a reminder of the threats that exist online and highlights the importance of taking steps to protect personal information.
via Ars Technica