This podcast episode covers a security breach suffered by identity vendor Okta involving its customer support systems, which has sparked criticism from customers.
An Okta customer support system was breached via stolen credentials recently, and the company is facing criticism from customers that were impacted.
The identity and access management (IAM) vendor last Friday disclosed that an unnamed threat actor used stolen credentials to breach its support case management system and access corporate customer data. In a blog post, Okta CSO David Bradbury said the adversary "was able to view files uploaded by certain Okta customers as part of recent support cases," and noted the production Okta service was not impacted.
Bradbury's blog post did not specify how the credentials were stolen, when they were stolen or which customers were affected. However, several customers later filled in some of the blanks.
BeyondTrust published a blog post Friday revealing that it first alerted Okta to a potential breach after detecting initial threat activity in the BeyondTrust network on Oct. 2. Cloudflare, meanwhile, published a somewhat critical blog post titled, "How Cloudflare mitigated yet another Okta compromise." The security vendor said it discovered and mitigated an attack on its systems on Oct. 18, "more than 24 hours before we were notified of the breach by Okta."
And, on Monday, 1Password CTO Pedro Canahuati said in a blog post that his company found threat activity on Sept. 29, even earlier than BeyondTrust. Canahuati said the company worked with Okta and determined the breach came from Okta's support system. 1Password also found that this incident shares similarities with the campaign that resulted in the compromise of MGM Resorts and Caesars Entertainment.
BeyondTrust, Cloudflare and 1Password said the incident had no impact on any of their respective customers.
On this episode of the Risk & Repeat podcast, TechTarget editors Rob Wright and Alex Culafi discuss the fallout of the Okta breach, the frustrations expressed by customers and lingering questions for the IAM vendor.
Alexander Culafi is an information security news writer, journalist and podcaster based in Boston.