Okta breach impacts 1Password and Cloudflare

    Hackers targeted both 1Password and Cloudflare following the Okta breach. 1Password spotted suspicious activity on its Okta instance tied to a Support System incident. However, they confirmed hackers didn’t access any user data. An unexpected email notification alerted the company’s IT team. They found a threat actor had entered their Okta account with admin rights. Working with Okta, 1Password found that the attack matched a broader campaign. In this campaign, hackers compromise admin accounts and try to change authentication flows. They aim to pose as users within companies. But there was no sign they accessed systems beyond Okta.

    Cloudflare had a different take. They blamed Okta for how it managed the breach. A hacker tried to infiltrate their system using a token from Okta. The hacker did get into Okta’s customer support system. There, they saw files some Okta customers uploaded during support cases. Cloudflare detected this activity more than 24 hours before Okta notified them. They urged for faster actions and open disclosures after identifying breaches. They also advised all Okta customers to contact the company for breach details.

    It’s essential to note that Okta faced criticism last year for another breach. The company’s CSO later apologized for it.

    Latest articles

    Related articles