Cloudflare assures limited impact to users amidst Okta breach

February 3, 2024

Cloudflare, an internet security company, disclosed that it faced a security incident in November that stemmed from the October Okta breach, which affected Okta's support system.

The Cloudflare co-founder and CEO explained in an advisory that their investigation attributed the compromise to an attacker who utilised a stolen authentication token to access their Atlassian server.

Despite the cybersecurity incident, Cloudflare assured its customers that the attacker's impact was limited, since no sensitive data had been compromised. The company also said in the disclosure that it took the incident seriously, recognising that the threat actor had accessed some of its documents and a limited amount of source code.

Cloudflare first notified Okta about the attack, reversing the typical notification process. The breach had impacted the data and credentials of Okta’s customers, including Cloudflare, since it utilised the company’s support case management system.

However, new investigations stated that the attackers only began operating on Cloudflare’s systems in November last year, after using credentials compromised in the Okta breach.

Cloudflare stated that they have promptly addressed the problems caused by the Okta breach.

On Thanksgiving last year, Cloudflare detected the threat actor from the Okta breach on their self-hosted Atlassian server. Cloudflare’s security team claimed that they severed the access and initiated an investigation with assistance from a third-party forensic team.

Although the threat actor established persistent access to Cloudflare’s Atlassian server and its source code management system, the company confirmed that all access was terminated on November 24. The compromise was possible because one service token and three service accounts, among the credentials leaked during the Okta breach in October 2023, had not been rotated.

This incident is the second time that Cloudflare has suffered a compromise due to an issue with Okta’s systems, following a previous incident in early 2022. Furthermore, Cloudflare emphasised that it had intended to rotate all impacted credentials but overlooked one service token and three service accounts.

Cloudflare’s admission of such incidents shows that companies face persistent challenges in maintaining effective cybersecurity. This incident should therefore serve as an example of why organisations should regularly update and rotate credentials to mitigate the risks linked with potential data breaches.
