Image Credits: Michael Vi / Getty Images
Web and security giant Cloudflare and password manager maker 1Password said hackers briefly targeted their systems following a recent breach of Okta’s support unit.
Both Cloudflare and 1Password said their recent intrusions were linked to the Okta breach, but that the incidents did not affect their customer systems or user data.
“We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing,” said 1Password chief technology officer Pedro Canahuati in a blog post. “We’ve confirmed that this was a result of Okta’s support system breach,” said Canahuati.
Ars Technica first reported that 1Password was affected by Okta’s breach.
Okta, which provides single sign-on technology to companies and organizations, said late on Friday that hackers had broken into its customer support unit and stolen files uploaded by its customers for diagnosing technical problems. These files include browser recording sessions that can contain sensitive user credentials, such as cookies and session tokens, which if stolen can allow hackers to impersonate user accounts.
Okta spokesperson Vitor De Souza told TechCrunch that about 1% of its 17,000 corporate customers — or 170 organizations — were affected by its breach.
In an accompanying report detailing the security incident, 1Password said the hackers used a session token from a file that had been uploaded by a member of the IT team earlier in the day to Okta’s support unit for troubleshooting. The session token allowed the hacker to use the IT member’s account without needing their password or two-factor code, granting the hacker limited access to 1Password’s Okta dashboard.
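As an added example (not from the article, Okta, or 1Password): a minimal sanitizer that strips session material from a browser recording before it is shared with a vendor's support desk. It assumes the recording is a HAR (HTTP Archive) JSON file, a format the article does not name; `sanitize_har`, `scrub_url`, and the sample capture are constructed for illustration.

```python
import copy
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "REDACTED"
SECRET_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
SECRET_PARAM = re.compile(r"token|session|secret|passw|auth|code|key", re.I)

def scrub_url(url):
    """Redact credential-like query parameters inside a URL string."""
    parts = urlsplit(url)
    query = [(k, REDACTED if SECRET_PARAM.search(k) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def sanitize_har(har):
    """Return a deep copy of a HAR dict with session material redacted."""
    clean = copy.deepcopy(har)
    for entry in clean.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            for header in msg.get("headers", []):
                if header.get("name", "").lower() in SECRET_HEADERS:
                    header["value"] = REDACTED
            for cookie in msg.get("cookies", []):  # parsed copy of the cookie headers
                cookie["value"] = REDACTED
        for param in req.get("queryString", []):
            if SECRET_PARAM.search(param.get("name", "")):
                param["value"] = REDACTED
        if "url" in req:
            req["url"] = scrub_url(req["url"])
        # Bodies can carry tokens too (login forms, JSON token responses).
        for body in (req.get("postData"), resp.get("content")):
            if body and "text" in body:
                body["text"] = REDACTED
    return clean

# Constructed sample capture (hypothetical host and values, not from any incident).
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "url": "https://idp.example.test/app?sessionToken=abc123&page=2",
        "headers": [{"name": "Cookie", "value": "sid=s3cr3t"},
                    {"name": "Accept", "value": "*/*"}],
        "cookies": [{"name": "sid", "value": "s3cr3t"}],
        "queryString": [{"name": "sessionToken", "value": "abc123"},
                        {"name": "page", "value": "2"}]},
    "response": {
        "headers": [{"name": "Set-Cookie", "value": "sid=n3w; HttpOnly"}],
        "content": {"mimeType": "application/json", "text": "{}"}}}]}}
```

Redacting bodies wholesale is deliberately conservative. Sessions that were active while the capture was recorded should still be revoked once troubleshooting ends.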
1Password said the incident occurred on September 29, two weeks before Okta went public with details of the incident.
Cloudflare also confirmed in a blog post on Friday that hackers similarly targeted its systems using a session token stolen from Okta’s support unit. Cloudflare’s chief information security officer Grant Bourzikas said Cloudflare’s incident, which began on October 18, resulted in “no access from the threat actor to any of our systems or data,” in large part because Cloudflare uses hardware security keys that resist phishing attacks.
Security company BeyondTrust said it was also affected by Okta’s breach, but that it also quickly shut down the intrusion. In a blog post, BeyondTrust said it notified Okta of the incident on October 2, but accused Okta of not acknowledging the breach for almost three weeks.
This is Okta’s latest security incident, following the theft of some of its source code in December 2022, and an incident earlier in January 2022 where hackers posted screenshots of Okta’s internal network.
Okta’s stock price dropped more than 11% on Friday — wiping at least $2 billion off the company’s value — following news of the breach, which was first reported by security journalist Brian Krebs.