Okta and 1Password Face Criticism Following Breach Disclosure
Earlier This Week, Reports Explained a Hack of Okta ID Management
1Password, a password management platform used by over a hundred thousand businesses, became the latest victim of a security breach earlier this month, Dark Reading reported. The intrusion occurred after hackers managed to breach its Okta ID management tenant, an instance used for managing employee-facing applications. On October 25, Fast Company followed up on the Okta hack, reporting that the incident had caused Okta to lose "$2 million" in capital and its stock to drop by "11 percent."
In the hours since the reports first broke, TechTarget has written that Okta is taking "heat" for "risk and repeat" behaviors, and the company is facing criticism because the hack was the result of stolen credentials.
1Password's Chief Technology Officer, Pedro Canahuati, confirmed the incident in a security notification. "We detected suspicious activity on our Okta instance related to their Support System incident," Canahuati stated. He added that after a comprehensive investigation, it was determined that no user data from 1Password was compromised.
The suspicious activity was detected on September 29, and immediate steps were taken to terminate it. The ensuing analysis confirmed that neither user data nor other sensitive systems, whether employee-facing or user-facing, were compromised.
The security breach comes after Okta disclosed last Friday that its support case management system had been hacked. The attackers used stolen credentials to gain access. As part of its routine customer support, Okta frequently asks customers to upload HTTP Archive (HAR) files, which are used to troubleshoot issues. However, these files contain sensitive information, including authentication cookies and session tokens, which can potentially be used to impersonate a valid Okta customer.
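To illustrate why HAR files are sensitive, the following added example (not code from Okta, 1Password or the outlets cited here) redacts cookies, credential headers, token-like query parameters and message bodies from a HAR document before it is shared. The sample HAR, the list of header names and the name hints are constructed assumptions, and redacting every body is a deliberately conservative choice.

```python
import copy
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "REDACTED"
SECRET_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
SECRET_HINTS = ("token", "session", "secret", "password")
# Constructed sample HAR, not a real capture; host and values are made up.
SAMPLE_HAR = {"log": {"entries": [{
    "request": {
        "url": "https://tenant.example.com/api/v1/users?sessionToken=abc123&limit=10",
        "headers": [{"name": "Cookie", "value": "sid=constructed-session-id"},
                    {"name": "Accept", "value": "application/json"}],
        "cookies": [{"name": "sid", "value": "constructed-session-id"}],
        "queryString": [{"name": "sessionToken", "value": "abc123"},
                        {"name": "limit", "value": "10"}]},
    "response": {
        "headers": [{"name": "Set-Cookie", "value": "sid=constructed-new-id"}],
        "content": {"mimeType": "application/json", "text": "{\"token\": \"xyz\"}"}},
}]}}

def is_secret(name):
    # A header or parameter name that suggests it carries a credential.
    return name.lower() in SECRET_HEADERS or any(h in name.lower() for h in SECRET_HINTS)

def scrub_pairs(pairs, redact_all=False):
    """Redact values in a HAR name/value list (headers, cookies, queryString)."""
    for pair in pairs:
        if redact_all or is_secret(pair.get("name", "")):
            pair["value"] = REDACTED

def scrub_url(url):
    """Redact credential-bearing query parameters inside the request URL."""
    parts = urlsplit(url)
    query = [(k, REDACTED if is_secret(k) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def sanitize_har(har):
    """Return a copy with cookies, token-like fields and bodies redacted."""
    clean = copy.deepcopy(har)
    for entry in clean["log"]["entries"]:
        req, resp = entry["request"], entry["response"]
        req["url"] = scrub_url(req["url"])
        for msg in (req, resp):
            scrub_pairs(msg.get("headers", []))
            scrub_pairs(msg.get("cookies", []), redact_all=True)
        scrub_pairs(req.get("queryString", []))
        for body in (req.get("postData"), resp.get("content")):
            if body and "text" in body:
                body["text"] = REDACTED  # bodies can embed tokens too
    return clean
```

Name-based matching only catches credentials in fields whose names look sensitive, so a sanitized file still deserves a manual check before upload.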
Okta was first informed of the breach by BeyondTrust, which provided forensics data showing that Okta's support organization had been compromised. It took Okta more than two weeks to confirm the breach.
Additionally, Cloudflare, another cybersecurity company, detected harmful activity on its systems on October 18, two days before Okta's breach disclosure. As with BeyondTrust, the attackers used an authentication token stolen from Okta's support system to gain administrative privileges in Cloudflare's Okta instance.
1Password has linked its breach to the Okta incident. In a report released on Monday afternoon, 1Password stated that the attackers infiltrated its Okta tenant using a stolen session cookie belonging to an IT employee. The company is currently working with Okta's support team to further investigate the matter.
This incident highlights the increasing importance of robust cybersecurity measures for businesses, especially those in the digital space, as cyber threats become more sophisticated.