If you keep tabs on the information security world, you know Okta’s recent support systems breach has been all the talk. Now 1Password, a popular password manager trusted by millions of people and over 100,000 businesses, reports that threat actors had accessed its internal Okta management account.
“On September 29, we detected suspicious activity on our Okta instance that we use to manage our employee-facing apps,” 1Password CTO Pedro Canahuati shared in a brief blog post. “We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing.”
Last Friday, Okta disclosed that malicious actors used stolen credentials to access Okta’s support case management system. The company specializes in identity and access management (IAM) services for heavy hitters such as Peloton, Slack, Zoom, and GitHub.
As part of its customer support process, Okta required customers to create an HTTP Archive (HAR) file, which contains a record of all traffic sent between the browser and Okta servers. That record includes sensitive information such as session tokens and authentication cookies.
According to 1Password, a member of its IT team created a HAR file and uploaded it to the Okta Support Portal. Afterward, on September 29, a threat actor using the same Okta authentication session from the HAR file accessed 1Password’s Okta administrative portal.
“It has been confirmed that the generated HAR file contained the necessary information for an attacker to hijack the user’s session,” 1Password states in an internal security incident report.
“…We have no evidence that proves the actor accessed any systems outside of Okta. The activity that we saw suggested they conducted initial reconnaissance with the intent to remain undetected for the purpose of gathering information for a more sophisticated attack.”