Okta breach affected 134 orgs, ‘or less than 1%’ of customers, company admits

November 6, 2023 at 09:11AM

Okta has confirmed that its October breach resulted in the compromise of files belonging to 134 customers, less than 1 percent of its customer base. Among the affected customers are 1Password, BeyondTrust, and Cloudflare. The breach involved an employee signing into their personal Google account on a company-managed laptop. Separately, Mr. Cooper, a mortgage and loan company, experienced a cybersecurity incident that left many pages on its website unable to resolve. The fourth iteration of the Common Vulnerability Scoring System (CVSS) has also been released, with new nomenclature and modifications that include attack requirements.

Key takeaways from the article:

1. Okta breach: Okta has confirmed that files belonging to 134 customers were compromised in the October breach, which accounts for less than 1% of Okta customers. Five of the affected customers experienced their own intrusions. Password manager 1Password, identity management company BeyondTrust, and web security firm Cloudflare were among the targets. The attackers obtained cached web session data and cookies to impersonate users.

2. Insider snafu: The breach at Okta was likely caused by an employee signing into their personal Google profile on the Chrome browser of their Okta-managed laptop. It is believed that the exposure of the employee’s personal Google account or device led to the compromise of Okta’s systems.

3. Third-party breach at Okta: In addition to the main breach, Okta also admitted that a third-party breach exposed records of nearly 5,000 current and former employees.

4. Critical vulnerabilities: Cisco released security updates for multiple products, including a newly identified critical issue in the Firepower Management Center. Other critical vulnerabilities were identified in INEA’s ME remote terminal unit, Schneider Electric SpaceLogic C-Bus Toolkit, Weintek EasyBuilder Pro software, Zavio IP cameras, Mitsubishi Electric CNC series devices, Mitsubishi Electric MELSEC-series PLCs, Red Lion’s Crimson software, and Franklin Fueling System TS-550 automatic tank gauges.

5. Mr. Cooper cybersecurity incident: Mortgage and loan company Mr. Cooper suffered a cybersecurity incident that left its systems locked down. The nature of the incident has not been disclosed, but the company states that it did not affect any of its clients or partners.

6. CVSS 4.0 released: The fourth version of the Common Vulnerability Scoring System (CVSS) has been officially published by the Forum of Incident Response and Security Teams (FIRST). CVSS 4.0 introduces new scoring elements and nomenclature to improve clarity and allow more granular scoring.
