October 24, 2023 at 11:21AM
1Password has confirmed that it was attacked by cyber criminals following a breach of Okta’s customer support portal. The attack was detected on September 29 and the company’s incident response team quickly engaged, finding a suspicious IP address and unauthorized access to the Okta instance. While no user data or sensitive systems were compromised, the attackers were attempting to gather intelligence for a more sophisticated attack. Both 1Password and Okta have taken measures to enhance security in response to the incident.
Key Takeaways:
– 1Password was targeted by cyber criminals after Okta experienced a breach for the second time.
– The attack on 1Password was discovered when an IT team member received an email about an unauthorized report order.
– The incident response team quickly engaged and identified a suspicious IP address that had accessed 1Password’s Okta instance with admin privileges.
– The investigation found no evidence of data exfiltration or access to systems outside of Okta. The attackers were attempting to gather intelligence.
– 1Password confirmed that no user data or sensitive systems were compromised.
– The attack began with the attacker accessing an uploaded HAR file on Okta’s customer support portal.
– The attacker used the session cookie in the HAR file to gain access to Okta’s admin portal.
– Investigation eliminated the possibility of a rogue support staffer or Wi-Fi network interception.
– The IT team member’s credentials were rotated, and MFA safeguards using YubiKey were put in place.
– Configuration changes were made to tighten MFA rules, reduce admin session times, and limit super admin accounts.
– 1Password is not the only high-profile customer affected by Okta’s security issues. Cloudflare and BeyondTrust also experienced attacks.
– Okta has notified all impacted customers and has taken measures to protect them, including revoking session tokens.
– It is important for users and organizations to remain vigilant and watch out for suspicious activity.
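The takeaways above note that the attacker reused a session cookie found in a HAR file uploaded to a support portal. The following is an added example, not code from 1Password or Okta, showing one way to strip session material from a HAR capture before sharing it; the header list, the `sanitize_har` helper and the sample capture are assumptions constructed for illustration.

```python
import copy
import json

# Names treated as credential-bearing (assumed list; extend for your applications).
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
REDACTED = "[REDACTED]"

def _scrub(pairs, names=None):
    """Redact values in a HAR name/value list; names=None redacts every entry."""
    hits = 0
    for pair in pairs or []:
        if names is None or pair.get("name", "").lower() in names:
            pair["value"] = REDACTED
            hits += 1
    return hits

def sanitize_har(har):
    """Return (sanitized copy, number of redactions); the input is not modified."""
    clean = copy.deepcopy(har)
    hits = 0
    for entry in clean.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            msg = entry.get(side) or {}
            hits += _scrub(msg.get("headers"), SENSITIVE_HEADERS)
            hits += _scrub(msg.get("cookies"))
        # Bodies can embed tokens (login forms, JSON auth responses): drop them whole.
        for body in ((entry.get("request") or {}).get("postData"),
                     (entry.get("response") or {}).get("content")):
            if body and body.get("text"):
                body["text"] = REDACTED
                hits += 1
    return clean, hits

# Constructed sample: one request carrying a made-up session cookie ("sid").
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "method": "GET", "url": "https://example.invalid/admin/dashboard",
        "headers": [{"name": "Cookie", "value": "sid=CONSTRUCTED-SESSION-VALUE"},
                    {"name": "Accept", "value": "text/html"}],
        "cookies": [{"name": "sid", "value": "CONSTRUCTED-SESSION-VALUE"}]},
    "response": {
        "status": 200,
        "headers": [{"name": "Set-Cookie", "value": "sid=CONSTRUCTED-SESSION-VALUE; HttpOnly"}],
        "cookies": [{"name": "sid", "value": "CONSTRUCTED-SESSION-VALUE"}],
        "content": {"mimeType": "text/html", "text": "<html>admin</html>"}}}]}}

if __name__ == "__main__":
    cleaned, count = sanitize_har(SAMPLE_HAR)
    print(f"{count} values redacted")
    print(json.dumps(cleaned, indent=2))
```

This version leaves request URLs and query strings intact, so tokens passed as URL parameters need separate handling before a capture is shared.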