Hackers who attacked network and security giant Cloudflare and password manager maker 1Password were those who recently breached American identity and access management company, Okta.
According to blog posts, Both Cloudflare and 1Password said their recent intrusions were linked to those responsible for the Okta breach, but stated that the incidents did not affect their customer systems or user data.
According to 1Password Chief Technology Officer, Pedro Canahuati, in a blog post, said upon confirmation that the attack was a result of Okta’s support system breach the activity was immediately terminated.
“Upon termination of the activity, we investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing.”
Okta, on Friday said that hackers had broken into its customer support unit and stole files uploaded by its customers for diagnosing technical problems. The files include browser recording sessions containing sensitive user credentials such as cookies and session tokens.
In a report detailing the security incident, 1Password said the hackers used a session token from a file that had been uploaded by a member of the IT team earlier on Frifrday to Okta’s support unit system for troubleshooting. The session token allowed the hackers to use the IT member’s account without needing their password or two-factor code, granting the hacker limited access to 1Password’s Okta dashboard.
1Password said the incident occurred on September 29, two weeks before Okta went public with details of the incident.
Cloudflare also confirmed in a blog post on Friday that hackers also targeted its systems using a session token stolen from Okta’s support unit. Cloudflare’s chief information security officer Grant Bourzikas said Cloudflare’s incident, which began on October 18, resulted in “no access from the threat actor to any of our systems or data,” in large part because Cloudflare uses hardware security keys that evade phishing attacks.
Security company BeyondTrust said it was also affected by Okta’s breach, but that it also quickly shut down its intrusion. In a blog post, BeyondTrust said it notified Okta of the incident on October 2. The company however accused Okta of not acknowledging the breach for almost three weeks.
Okta’s stock price dropped more than 11% on Friday — wiping at least $2 billion off the company’s value — following news of the breach, which was first reported by security journalist Brian Krebs.
Philips Babatunde