1Password confirms attacker tried to pull list of admin users after Okta intrusion
1Password is confirming it was attacked by cyber criminals after Okta was breached for the second time in as many years, but says customers' login details are safe.
The main suspicion continued to be malware until last week when Okta publicized the issues it was facing with a number of its customers, including 1Password.
The attacker was able to compromise Okta's internal support systems, which is how they were able to access the 1Password IT team member's HAR file after they sent it to Okta support.
In March 2022, it was revealed that during a five-day window, a Lapsus$ attacker had remote access to an Okta support engineer's computer, but Cloudflare found no evidence of real compromise of its Okta tenant.
At the time, according to screenshots posted by the attackers, their level of access suggested they had the power to change customers' users' passwords, but it wouldn't have impacted Cloudflare since it uses a combination of passwords and hardware keys for MFA. Similar to the 1Password case, a Cloudflare session token was hijacked after it was created with Okta support.
"Having received no acknowledgment from Okta of a possible breach, we persisted with escalations within Okta until October 19th when Okta security leadership notified us that they had indeed experienced a breach and we were one of their affected customers."
News URL
https://go.theregister.com/feed/www.theregister.com/2023/10/24/1password_confirms_all_logins_are/