Three prominent tech companies have disclosed that they were affected by a cyberattack: leading network and security firm Cloudflare, renowned password manager provider 1Password, and security company BeyondTrust.
These intrusions were found to be connected to a recent breach of the customer support unit at Okta, a company specialising in single sign-on technology for businesses and organisations.
Both Cloudflare and 1Password affirmed that no customer systems or user data were compromised during the security breach.
1Password’s Chief Technology Officer, Pedro Canahuati, reassured users in a blog post, stating that their investigation found “no compromise of user data or other sensitive systems, either employee-facing or user-facing.” He explicitly attributed the incident to Okta’s support system breach, and Cloudflare made the same attribution in its own blog post.
Okta had announced that hackers had successfully infiltrated its customer support unit, where they gained access to files uploaded by customers for diagnosing technical issues. These files included browser recording sessions, which might contain sensitive user credentials such as cookies and session tokens. Hackers can exploit these credentials to impersonate user accounts. Roughly 1% of Okta’s 17,000 corporate customers, totalling 170 organisations, were affected by this breach.
1Password detailed that the hackers leveraged a session token from a file uploaded by a member of Okta’s IT team to access their systems. This allowed the hackers to use the IT member’s account without needing their password or two-factor code, and gave them limited access to 1Password’s Okta dashboard. The breach occurred on September 29, two weeks prior to Okta’s public disclosure.
Cloudflare, which suffered a similar breach, was able to fend off the attackers. Its Chief Information Security Officer, Grant Bourzikas, attributed this resilience in large part to the use of hardware security keys that effectively counter phishing attacks. The company confirmed that the threat actors did not gain access to any of its systems or data.
BeyondTrust, another security company, reported that they, too, were affected by the Okta breach but acted promptly to shut down the intrusion. However, they criticised Okta for taking almost three weeks to acknowledge the breach.
While this breach has raised concerns, it is reassuring to see that these companies took immediate action to mitigate the damage and, most importantly, that no customer data was compromised during the incidents. These events should serve as a reminder of the constant vigilance required in the world of cybersecurity.