November 3, 2023 at 03:42PM
Threat actors breached Okta’s customer support system, stealing files related to 134 customers. Five specific customers, including BeyondTrust, 1Password, and Cloudflare, were targeted with the stolen data. The breach was due to compromised employee credentials on a personal device. Okta has revoked the affected session tokens and implemented measures to enhance security. This incident follows previous cybersecurity issues, including the breach of MGM Resorts and compromised employee data.
Okta has confirmed a cybersecurity breach in which threat actors accessed its customer support system and stole files related to 134 customers, which is less than 1% of its total customer base. The stolen files were HTTP Archive (HAR) files containing session tokens. The attackers then used the stolen data to target five specific customers, including BeyondTrust, 1Password, and Cloudflare.
Okta’s chief security officer, David Bradbury, explained that the breach occurred because an Okta employee’s credentials were compromised on a personal device. The employee had signed into their personal Google profile on the Chrome browser of their Okta-managed laptop, which saved a service account’s username and password into the employee’s personal Google account.
Okta became aware of the breach when 1Password reported suspicious activity on September 29, followed by BeyondTrust on October 2. Okta’s security team used indicators of compromise and associated IP addresses to identify other targeted customers, including Cloudflare. All affected session tokens have been revoked.
In response to the breach, Okta has blocked future Google Chrome sign-ins on Okta-managed laptops using personal Google accounts. It has also added a feature that ties Okta admin tokens to network location data, forcing re-authentication if a network change is detected.
This detailed explanation from Okta comes after previous cybersecurity incidents, including the breach of MGM Resorts and the compromise of employee data through a third-party healthcare vendor.