1Password Becomes Latest Victim of Okta Customer Service Breach
Okta's IAM platform finds itself in cyberattackers' sights once again, as threat actors mount a supply chain attack targeting Okta customer support engagements.
Okta is an identity and access management platform whose authentication services affect account security, access control, and breach response.
Search across headline titles and summaries.
Background for this topic.
Okta is a cloud identity and access management platform used to authenticate people, issue access to applications, and administer workforce or customer identities. Its capabilities commonly include single sign-on, multifactor authentication, directory and lifecycle management, and policy-based authorization across SaaS, on-premises, and custom applications.
Because Okta can control access to many systems, its administrator accounts, identity APIs, integrations, and authentication sessions are high-value security surfaces. Organizations should apply least privilege, phishing-resistant MFA where feasible, careful separation of administrative roles, and prompt removal of departing users; misconfigured federation or provisioning can otherwise grant excessive or persistent access. Logs covering administrator activity, authentication events, token use, and changes to applications or policies support detection and incident response. Security advisories and vulnerability assessments should include Okta agents, connectors, browser components, and downstream integrations, while investigations should consider revoking sessions and rotating affected credentials.
Okta's IAM platform finds itself in cyberattackers' sights once again, as threat actors mount a supply chain attack targeting Okta customer support engagements.
Says logins are safe, as high-profile customers complain they knew about the breach before Okta 1Password is confirming it was attacked by cyber criminals after Okta was breached for the second time in as many years, but says customers' login details are safe.…
Popular password management solution 1Password said it detected suspicious activity on its Okta instance on September 29 following the support system breach, but reiterated that no user data was accessed
1Password, a popular password management platform used by over 100,000 businesses, suffered a security breach after hackers gained access to its Okta ID management tenant. [...]
Threat actor accessed case management system