Okta recently disclosed details of a system breach that occurred at the end of October 2023, following the completion of an extensive investigation. David Bradbury, the Chief Security Officer, made the announcement through the company’s blog, explaining that the breach stemmed from an employee who signed in to their personal Google account in Chrome on a company notebook and saved various passwords in Chrome. This gave the attackers access to those passwords, which they later used to move into internal accounts within the company.
According to Okta, they received abnormal behavior notifications from three customers, namely 1Password, BeyondTrust, and an undisclosed customer. This prompted the Okta team to investigate the issue. The company received the first notification of suspicious activity on September 29th and discovered the compromised accounts on October 16th, nearly three weeks later. Afterward, Okta took measures to revoke old tokens used in login sessions and notified customers of the breach.
Okta identified 134 affected organizations as targets of the attack, with at least five customers having their tokens stolen during sessions, including the previously mentioned three customers, along with Cloudflare and another undisclosed company.
Ars Technica, a media outlet, criticized Okta, pointing out that employee account breaches are common but the spread to internal company systems signifies a flaw in Okta’s internal security measures. Employees should not have personal account access within Okta’s secure environment. Additionally, questions arise as to why hackers were able to access employee accounts on Okta using only stolen passwords, without the need for standard MFA protocols or limited access controls. Even Okta’s own monitoring system failed to detect the breach and relied on external notifications.
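One concrete control against the root cause described in the disclosure, added here as an illustration and not something Okta or Ars Technica published: a managed Chrome policy file that blocks personal Google sign-in, profile sync and Chrome’s built-in password store on company devices. It assumes a Linux fleet where Chrome reads policy from /etc/opt/chrome/policies/managed/ and uses example.com as a placeholder for the corporate domain.

```json
{
  "BrowserSignin": 0,
  "RestrictSigninToPattern": ".*@example\\.com",
  "SyncDisabled": true,
  "PasswordManagerEnabled": false,
  "BrowserAddPersonEnabled": false,
  "BrowserGuestModeEnabled": false
}
```

BrowserSignin set to 0 blocks browser sign-in entirely; organisations that rely on Google Workspace can instead leave it at 1 and depend on RestrictSigninToPattern to admit only the corporate domain. Neither setting replaces MFA and session controls on the identity provider itself, which is the separate gap the article raises.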
In conclusion, Okta’s recent data breach highlights potential weaknesses in their internal security measures. The breach not only compromised personal accounts but also spread to internal systems, raising concerns about access controls and monitoring within Okta.
TLDR: Okta recently experienced a system breach caused by an employee using their personal account on Chrome, which led to the compromise of internal accounts. The breach affected 134 organizations, and questions have been raised about Okta’s internal security measures and the hackers’ ability to access employee accounts with only stolen passwords. Ars Technica criticized Okta’s handling of the breach, highlighting the importance of robust access controls and monitoring.