2023-11-30 09:20:36
Okta’s support service has been hacked. 1Password, the publisher of the password manager of the same name, suffered an attack through its use of Okta’s solution, but believes that no customer data was stolen. Okta has now communicated that all customers of its support service are affected.
Updated November 30, 2023: the attack on Okta, revealed at the end of October (read below), ultimately concerns more customers than previously communicated. The identity and access management (IAM) specialist initially estimated that 134 of its clients were affected, or less than 1% of its clientele. However, according to a blog post recently published by David Bradbury, Chief Security Officer at Okta, the data accessed during the attack concerns all the companies that use its support service.
The Okta CISO nevertheless wants to be reassuring. He states that for 99.6% of the users in the compromised data, the only contact information recorded is full name and email address. “While we do not have direct knowledge or evidence that this information is being actively exploited, it is possible that the threat actor is using this information to target Okta customers through phishing attacks or social engineering,” warns David Bradbury.
Updated November 7, 2023: Okta has communicated about the hack it suffered at the end of October (read below). The identity and access management (IAM) specialist announced that 134 of its clients are affected, or less than 1% of its clientele. Five of them, however, were hit harder: they were subsequently victims of session hijacking attacks, as session tokens were also stolen during the hack. Stolen tokens allow hackers to impersonate their victims, for example in online banking transactions. Three corporate clients whose sessions were hijacked have already spoken publicly on the subject, reports BleepingComputer: 1Password, BeyondTrust and Cloudflare.
Update October 24, 2023: 1Password targeted following Okta hack
In a blog post, 1Password, publisher of the eponymous password manager, indicates that it detected an attack at the end of September linked to the Okta hack. The 1Password IT team received an email indicating that they had run an Okta report containing the list of their administrators. After verifying that no such report had been run, the security team was alerted and identified activity in the Okta environment originating from a suspicious IP address. According to 1Password’s initial assessment, there is no indication that the hackers accessed its systems (outside of Okta) or its users’ data. “The activity we saw suggests that they conducted initial reconnaissance with the intention of remaining undetected in an effort to gather information for a more sophisticated attack,” explains 1Password.
Original news from October 23, 2023. Okta, a specialist in identity management, has been hacked once more. The company announces that sensitive customer data was accessed and stolen. This is very bad news for a company specializing in identity and access management (IAM), and its stock lost 10% of its value on Friday following the revelation of the problem. Nor is this the first time the firm has suffered such an incident: in 2021, the Californian publisher suffered data theft through the hacking of a tool used by its customer service.
The new attack revealed by Okta also concerns customer support, but this time the publisher was attacked directly on its case management tool and not via a subcontractor. According to a note published by the company’s CISO, the hackers reportedly obtained certain files (HTTP Archive, or HAR) that customers may have to send to Okta support. These files sometimes contain sensitive data, such as cookies and session tokens, which hackers can use to impersonate authorized users.
Okta says the attack only affects certain customers, who have been notified. The publisher emphasizes that it generally recommends sanitizing HAR files (removing credentials and session data) before sending them to its support service. According to The Register, the hack of Okta’s support service was detected by one of its customers, BeyondTrust, as early as October 2 and reported to the company.
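The HAR sanitization Okta recommends can be automated before a file ever leaves the customer’s machine. The following script is an added example written for this article, not Okta’s own tooling or any published sanitizer: it walks a HAR 1.2 document and redacts cookie, authorization and token-bearing headers, cookie entries, sensitive query parameters (in both the queryString list and the request URL), URL fragments, request bodies, and any JWT-shaped string inside response bodies. The header and parameter names, the sample HAR and the host name are constructed for illustration and should be extended for a real environment.

```python
from __future__ import annotations

import copy
import json
import re
import sys
from typing import Any
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Matched case-insensitively. These defaults are an assumption of this example;
# add the headers and parameters your own SSO and API gateways use.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization",
                     "proxy-authorization", "x-api-key"}
SENSITIVE_PARAMS = {"token", "access_token", "id_token", "refresh_token",
                    "code", "session", "sid", "sessiontoken"}
# Compact JWT: three base64url segments; the header segment always starts "eyJ".
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")
REDACTED = "REDACTED"


def _redact_named(items: list[dict[str, Any]], names: set[str] | None) -> int:
    """Redact the value of each {name, value} item; every item when names is None."""
    n = 0
    for item in items:
        if names is None or item.get("name", "").lower() in names:
            item["value"] = REDACTED
            n += 1
    return n


def _redact_url(url: str) -> tuple[str, int]:
    """Redact sensitive query parameters in request.url; wipe the fragment too,
    since implicit OAuth/OIDC flows return tokens after the '#'."""
    parts = urlsplit(url)
    n, pairs = 0, []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE_PARAMS:
            value, n = REDACTED, n + 1
        pairs.append((key, value))
    fragment = parts.fragment
    if fragment:
        fragment, n = REDACTED, n + 1
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(pairs), fragment)), n


def sanitize_har(har: dict[str, Any]) -> tuple[dict[str, Any], int]:
    """Return a redacted deep copy of a HAR 1.2 document and the redaction count."""
    out = copy.deepcopy(har)
    count = 0
    for entry in out.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            count += _redact_named(msg.get("headers", []), SENSITIVE_HEADERS)
            count += _redact_named(msg.get("cookies", []), None)
        count += _redact_named(req.get("queryString", []), SENSITIVE_PARAMS)
        if "url" in req:
            req["url"], n = _redact_url(req["url"])
            count += n
        # Request bodies carry passwords and form-posted tokens: drop them whole.
        post = req.get("postData")
        if post and post.get("text"):
            post["text"], count = REDACTED, count + 1
        # Response bodies are kept (support often needs them) but JWTs are masked.
        content = resp.get("content", {})
        if content.get("text"):
            content["text"], n = JWT_RE.subn(REDACTED, content["text"])
            count += n
    return out, count


def sanitize_har_file(src: str, dst: str) -> int:
    """Read a HAR file, write its sanitized copy, return the redaction count."""
    with open(src, encoding="utf-8") as f:
        clean, n = sanitize_har(json.load(f))
    with open(dst, "w", encoding="utf-8") as f:
        json.dump(clean, f, indent=2)
    return n


# Constructed sample capture (not a real session) exercising every redaction path.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "method": "POST",
        "url": "https://acme.example.com/api/v1/sessions/me?token=abc123&page=2",
        "headers": [{"name": "Cookie", "value": "sid=102abc; DT=xyz"},
                    {"name": "Authorization", "value": "SSWS 00aaaaSecret"},
                    {"name": "Accept", "value": "application/json"}],
        "cookies": [{"name": "sid", "value": "102abc"}],
        "queryString": [{"name": "token", "value": "abc123"},
                        {"name": "page", "value": "2"}],
        "postData": {"mimeType": "application/json",
                     "text": "{\"password\":\"hunter2\"}"}},
    "response": {
        "status": 200,
        "headers": [{"name": "Set-Cookie", "value": "sid=102abc; Secure; HttpOnly"}],
        "cookies": [{"name": "sid", "value": "102abc"}],
        "content": {"mimeType": "application/json",
                    "text": "{\"id_token\":\"eyJhbGciOi.eyJzdWIi.sig\"}"}}}]}}

if __name__ == "__main__":
    if len(sys.argv) == 3:
        print(f"{sanitize_har_file(sys.argv[1], sys.argv[2])} values redacted")
    else:
        clean, n = sanitize_har(SAMPLE_HAR)
        print(json.dumps(clean, indent=2), f"\n{n} values redacted")
```

Run it as `python sanitize_har.py capture.har capture.clean.har` and upload only the `.clean` file; a quick `grep -c eyJ capture.clean.har` afterwards is a cheap second check that no JWT survived. The script deliberately redacts rather than deletes entries, so the request flow stays readable for the support engineer while the session material is gone.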