Security News > 2023 > November > Okta October breach affected 134 orgs, biz admits

Infosec in brief Okta has confirmed details of its October breach, reporting that the incident led to the compromise of files belonging to 134 customers, "Or less than 1 percent of Okta customers."

Okta's report on the breach confirms much of what was previously known, but provides the first set of solid numbers of those affected, and notes that five of its 134 affected customers experienced their own intrusions - at least that Okta knows of.

Along with 1Password, Okta said that identity management company BeyondTrust and web security firm Cloudflare were targeted, along with two unnamed customers.

Cloudflare has had its own trouble of late, which doesn't appear to be linked to the Okta breach.

The Okta attackers made off with HTTP Archive files that contain cached web session data and cookies that can be used to impersonate valid users, which appears to be what the attackers attempted to do.

"Okta Security identified that an employee had signed-in to their personal Google profile on the Chrome browser of their Okta-managed laptop," Okta chief security officer David Bradbury wrote Friday.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/11/06/security_in_brief/