1Password discloses security incident linked to Okta breach

October 23, 2023 at 06:40PM

Hackers breached the Okta support case management system, impacting 1Password. No user data from 1Password was compromised, but the breach involved an IT employee’s stolen session cookie. The threat actor attempted to manipulate authentication flows and gain unauthorized access. Okta confirmed the breach and both companies have taken steps to enhance security measures.

Key takeaways:

1. 1Password, a password management platform, experienced a security breach.
2. The breach occurred when hackers gained access to 1Password’s Okta ID management tenant.
3. 1Password’s CTO confirmed that no user data was accessed during the breach.
4. Suspicious activity on the Okta instance used by 1Password was detected on September 29.
5. The activity was terminated immediately, and there was no compromise of user or sensitive data.
6. Okta disclosed that threat actors breached its support case management system using stolen credentials.
7. Okta confirmed the breach after receiving forensics data from BeyondTrust.
8. The breach allowed threat actors to gain administrative privileges in Cloudflare’s Okta instance.
9. 1Password issued a report stating that the breach involved a stolen session cookie for an IT employee.
10. The threat actor attempted to manipulate authentication flows and establish a secondary identity provider within 1Password.
11. The breach was discovered by 1Password’s IT team after receiving a suspicious email about a requested administrative report.
12. 1Password worked with Okta to determine the initial vector of compromise and confirmed it was a result of Okta’s support system breach.
13. There is some confusion between 1Password and Okta regarding the timeline and access to the IT employee’s HAR file.
14. 1Password has taken measures to enhance security, including credential rotation, Okta configuration modifications, and stronger MFA requirements.
