11/19/2023

1password firefox 68

If you keep tabs on the information security world, you know Okta’s recent support systems breach has been all the talk. Now 1Password, a popular password manager trusted by millions of people and over 100,000 businesses, reports that threat actors had accessed its internal Okta management account.

“On September 29, we detected suspicious activity on our Okta instance that we use to manage our employee-facing apps,” 1Password CTO Pedro Canahuati shared in a brief blog post.

LastPass did a terrible job disclosing the attack in a timely manner. That included issuing a warning to users just days before Christmas last year.

Back to 1Password, the company explained in more detail what had happened on September 29th when the breach occurred:

“On September 29, 2023, a member of the IT team received an unexpected email notification suggesting they had initiated an Okta report containing a list of admins. They recognized that they hadn’t initiated the admin report and alerted our security incident response team. Preliminary investigations revealed activity in our Okta environment was sourced by a suspicious IP address and was later confirmed that a threat actor had accessed our Okta tenant with administrative privileges.”

“The activity that we saw suggested they conducted initial reconnaissance with the intent to remain undetected for the purpose of gathering information for a more sophisticated attack,” 1Password wrote.

The 1Password developer in question “was engaged with Okta support, and at their request, created a HAR file from the Chrome Dev Tools and uploaded it to the Okta Support Portal,” the company explained. “This HAR file contains a record of all traffic between the browser and the Okta servers, including sensitive information such as session cookies.”

The unknown attacker used the same Okta session to access the Okta administrative portal. 1Password detailed the hacker’s actions as follows:

Image source: Christian de Looper for BGR

Interestingly, 1Password details how the employee interacted with the Okta system before the attack:

“The HAR file was created on the team member’s macOS laptop and uploaded via hotel-provided WiFi, as this event occurred at the end of a company event. Based on an analysis of how the file was created and uploaded, Okta’s use of TLS and HSTS, and the prior use of the same browser to access Okta, it is believed that there was no window in which this data could have been exposed to the WiFi network, or otherwise subject to interception.”

1Password disconnected the MacBook from the web and inspected it. The leading theory for the data breach was the use of malware or a different compromise. A scan with the free version of Malwarebytes did not reveal a possibly malicious program used to attack the Okta system.

Okta’s own security incident announcement later explained how the hackers attacked the HAR file. The initial compromise was not through the developer’s Mac.

1Password also noted in its incident report that it has taken other measures to boost Okta security.

If you are a 1Password user, you don’t have to do anything. What you can do periodically, regardless of data hacks that might impact these companies, is to change passwords to your services. At least the more sensitive ones.