Network security behemoth Cloudflare (NYSE:NET) and password management firm 1Password have revealed that they were momentarily targeted by hackers following a recent security incident at single sign-on solution provider Okta's customer support unit.
Both companies confirmed that the intrusions did not compromise their customer systems or user data.
Okta reported late last Friday that its customer support unit had been compromised.
Hackers gained access to files containing sensitive information such as browser recording sessions, cookies and session tokens.
According to Okta spokesperson Vitor De Souza, around 1% of its 17,000 corporate customers, or 170 organisations, were affected.
Okta says the incident affected a “very small number” of customers. However, it appears the hackers responsible had access to Okta’s support platform for at least two weeks before the company fully contained the intrusion, says Brian Krebs, the security journalist who first reported the incident.
This incident marks another security issue for Okta, following the theft of its source code in December 2022 and a separate incident in January 2022.
We detected suspicious activity on our Okta instance but confirmed no user data was accessed. Pedro Canahuati, our CTO, provides more information in this blog post https://t.co/x2bAUvw7ez, which includes our internal Okta Incident Report for additional details.
— 1Password (@1Password) October 23, 2023
"Immediately halted"
Pedro Canahuati, chief technology officer at 1Password, stated in a blog post that the intrusion was immediately halted and subsequent investigations showed no compromise of user data. "We’ve confirmed that this was a result of Okta’s support system breach," said Canahuati.
Both 1Password and Cloudflare reported that the hackers had used session tokens, extracted from files uploaded to Okta's support system for technical troubleshooting, to gain limited access.
Security firm BeyondTrust also indicated that it was impacted by the Okta breach but had quickly terminated the intrusion.
Okta compromised… again. Here’s how @Cloudflare, even though we were (again) targeted, was able to mitigate the attack. And some best security practice suggestions for @okta and their customers. https://t.co/E1LYgveKGO
— Matthew Prince (@eastdakota) October 20, 2023
Okta's share price plummeted over 11% on Friday, erasing at least US$2 billion from the company’s market value.
The news comes as part of a broader conversation surrounding cybersecurity vulnerabilities in the tech sector, raising questions about how interconnected systems can be exploited.