The recent breach at Okta gave hackers the opportunity to try to infiltrate password manager 1Password and internet infrastructure provider Cloudflare.
Both companies are customers of Okta, a single sign-on provider to thousands of businesses. Fortunately, 1Password and Cloudflare say they were able to thwart the attackers from breaking into their IT systems.
“After a thorough investigation, we concluded that no 1Password user data was accessed,” the company said in a report on Monday.
The hackers were able to target both companies by infiltrating Okta’s customer support system, which stores HTTP archive files that customers will upload to troubleshoot issues. These same HTTP archive files can contain internet cookies and session tokens of a client, which can be used to impersonate valid Okta users.
It appears the hackers used a session token taken from an HTTP archive file to access 1Password’s Okta account last month. This triggered an internal alert on Sept. 29, which tipped off 1Password. “Preliminary investigations revealed activity in our Okta environment was sourced by a suspicious IP address and was later confirmed that a threat actor had accessed our Okta tenant with administrative privileges,” the company said in an incident report.
The company’s investigation later found that a 1Password employee shared an HTTP archive with Okta’s customer support on Sept. 29 while using a hotel’s Wi-Fi. However, all evidence suggests the hackers were only able to perform reconnaissance before they were booted out of the system.
“We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing,” 1Password added.
Cloudflare