Okta has disclosed yet another breach, in which threat actors stole data belonging to 134 of its customers and launched cyberattacks against five of them, following a compromise of its technical support system.
The data breach first came to its attention in late September. Okta disclosed the incident on Oct. 20, but didn’t share detailed information about its cause or scope.
The company first caught wind of the hack when customer AgileBits, the developer of the popular 1Password password manager, reported suspicious activity to its support team. Over the following days, two more customers filed similar reports. Okta investigated the matter and determined that hackers had breached a system it relies on to process users’ technical support tickets.
Before their access was blocked, the cybercriminals accessed 134 customers’ information. The stolen data included a number of session tokens that have so far been used to launch cyberattacks against five of its customers.
A session token is a file in which an application keeps information about user activity. If hackers steal such files, they can use them to log into legitimate users’ application accounts. One Okta customer, cybersecurity company BeyondTrust, reported that hackers had created an administrator account in its network using a stolen session token but failed to access any internal workloads.
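The session-token reuse described above can be spotted on the defender's side by comparing every later request on a session with the context the session was created in. This is an added example, not from Okta or the original article; the log format, field names and sample lines are constructed assumptions.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample log lines (not real data); the format is an assumption.
SAMPLE_LOG = '''\
2023-10-02T09:00:01Z sid=a1f3 user=admin@example.test ip=198.51.100.10 ua="Mozilla/5.0 (Macintosh)"
2023-10-02T09:05:12Z sid=a1f3 user=admin@example.test ip=198.51.100.77 ua="Mozilla/5.0 (Macintosh)"
2023-10-02T09:07:40Z sid=b772 user=ops@example.test ip=203.0.113.5 ua="Mozilla/5.0 (Windows NT 10.0)"
2023-10-02T11:30:09Z sid=a1f3 user=admin@example.test ip=192.0.2.44 ua="python-requests/2.31"
this line is malformed and is skipped
2023-10-02T11:31:00Z sid=b772 user=ops@example.test ip=203.0.113.9 ua="Mozilla/5.0 (Windows NT 10.0)"
'''

LINE_RE = re.compile(
    r'^(?P<ts>\S+) sid=(?P<sid>\S+) user=(?P<user>\S+) '
    r'ip=(?P<ip>\S+) ua="(?P<ua>[^"]*)"$'
)

def network_of(ip_text):
    """Coarsen an address to /24 (IPv4) or /64 (IPv6) to tolerate DHCP churn."""
    ip = ip_address(ip_text)
    prefix = 24 if ip.version == 4 else 64
    return ip_network(f"{ip}/{prefix}", strict=False)

def find_replayed_sessions(log_text):
    """Return alerts for session IDs used from a context other than their first."""
    first_seen = {}  # sid -> (network, user agent) when the session first appeared
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        try:
            context = (network_of(m["ip"]), m["ua"])
        except ValueError:
            continue  # skip lines with an unparseable IP address
        baseline = first_seen.setdefault(m["sid"], context)
        changed = [name for name, old, new in
                   zip(("network", "user_agent"), baseline, context) if old != new]
        if changed:
            alerts.append({"ts": m["ts"], "sid": m["sid"], "user": m["user"],
                           "ip": m["ip"], "changed": changed})
    return alerts

if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_LOG):
        print(alert)
```

On the sample lines, only the `a1f3` session is flagged: its third request arrives from a different network with a different user agent, while address changes inside the original /24 are tolerated.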
Okta determined that the hackers gained access to its support system through a compromised service account. The associated username and password were saved to a personal Google account by an employee, which may have set the stage for the cyberattack. The most likely avenue for exposure of this credential is the compromise of the employee’s personal Google account or personal device.
Okta has rolled out a policy that blocks employees from logging into their corporate computers using personal Google accounts. The company also upgraded the breach detection mechanism in its support ticket system. For good measure, Okta is rolling out a new feature for customers of its platform that will make their administrator accounts more secure.
The breach is one of several cybersecurity incidents the company has experienced over the past two years. Earlier this week, Okta disclosed that cybercriminals had stolen data belonging to nearly 5,000 of its employees after hacking an external supplier. Previously, the company disclosed a breach that affected several of its internal GitHub repositories.