TLDR: Okta, a cybersecurity company, recently experienced a security breach where hackers attempted to access system administrators’ accounts. 1Password and BeyondTrust also reported similar incidents. Okta confirmed that the hackers used accounts that had requested support from Okta and provided HAR files for investigation. However, 1Password discovered unauthorized access as early as September 29th, with the intention to open additional user accounts on Google for future use. The team immediately terminated all sessions and logged out of external systems. On October 2nd, the hackers attempted to log back in through Google, but their configuration prevented further damage. BeyondTrust also reported a breach, with hackers gaining access through data sent to Okta on October 2nd. Despite Okta’s delayed responses and incomplete log reports, the company finally acknowledged the breach on October 20th. Okta mentioned that approximately 1% of their customers were affected, most likely large organizations. Further investigations from other organizations may follow.
Source: 1Password, Cloudflare, BeyondTrust