Tag Archive for: Okta

Cloudflare Okta Breach Doesn’t Have A Big Impact, Company Says


According to the company, the recent Cloudflare Okta breach has not caused any harm to any of the customers or users. However, the incident brought more questions about the Okta breach, which affects many different services and companies.

In today’s digital world, online data security is constantly under threat, making news of cyberattacks almost routine. However, when a company like Cloudflare—a leader in internet security—reports a breach, it grabs everyone’s attention, particularly when a nation-state is believed to be behind the attack. The Cloudflare Okta breach serves as a vivid reminder of the cyber dangers that loom in the shadows.

Cloudflare Okta breach explained

On November 14, Cloudflare found itself under attack. The intruders, suspected to be supported by a nation-state, targeted Cloudflare’s internal Atlassian server, aiming for critical systems, including the Confluence wiki, Jira bug database, and Bitbucket source code management.

This initial intrusion set the stage for a more aggressive attack on November 22, where the attackers established a strong presence on Cloudflare’s server, accessed the source code, and even attempted to infiltrate a console server tied to an undeveloped data center in São Paulo, Brazil.

cloudflare okta breach
Company executives explained the Cloudflare Okta breach incident on the official blog page (Image Credit)

The method of entry for the attackers was particularly concerning. They used credentials that were previously compromised during an Okta breach in October 2023, highlighting a critical oversight by Cloudflare in not rotating these credentials among the thousands affected, says Bleeping Computer.

Cloudflare CEO Matthew Prince, CTO John Graham-Cumming, and CISO Grant Bourzikas, said: “They then returned on November 22 and established persistent access to our Atlassian server using ScriptRunner for Jira, gained access to our source code management system (which uses Atlassian Bitbucket), and tried, unsuccessfully, to access a console server that had access to the data center that Cloudflare had not yet put into production in São Paulo, Brazil.” You can take a look at the full statement here.


1Password Okta breach unveiled by…

Source…

Okta confirms another breach after hackers steal source code


Okta has confirmed that it’s responding to another major security incident after a hacker accessed its source code following a breach of its GitHub repositories.

The identity and authentication giant said in a statement on Wednesday that it was informed by GitHub about “suspicious access” to its code repositories earlier this month. Okta has since concluded that hackers used this malicious access to copy code repositories associated with Workforce Identity Cloud (WIC), the organization’s enterprise-facing security solution.

“As soon as Okta learned of the possible suspicious access, we promptly placed temporary restrictions on access to Okta GitHub repositories and suspended all GitHub integrations with third-party applications,” Okta said in a statement.

When asked by TechCrunch, Okta declined to say how attackers managed to gain access to its private repositories.

Okta says there was no unauthorized access to the Okta service or customer data, and products related to Auth0 — which it acquired in 2021 — are not impacted. “Okta does not rely on the confidentiality of its source code for the security of its services. The Okta service remains fully operational and secure,” Okta said.

The company said that since it was alerted to the breach, it has reviewed recent access to Okta software repositories, reviewed all recent commits to Okta software repositories and rotated GitHub credentials. Okta said it has also notified law enforcement.

Okta did not explicitly say if it has the technical means, such as logs, to detect what, if any, of its own systems were accessed or what other data may have been exfiltrated.

The company’s latest incident was first reported by Bleeping Computer earlier this week, prior to Okta’s announcement.

Earlier this year, Okta was targeted by the now-notorious Lapsus$ extortion group, which gained access to the account of a customer support engineer at Sykes, one of Okta’s third-party service providers, and posted screenshots of Okta’s apps and systems. Okta experienced a second compromise in August this year after it was targeted by another hacking campaign that breached more than 100 organizations, including Twilio and DoorDash.

Source…

Okta confirms another breach after hackers steal source code • TechCrunch


Okta has confirmed that it’s responding to another major security incident after a hacker accessed its source code following a breach of its GitHub repositories.

The identity and authentication giant said in a statement on Wednesday that it was informed by GitHub about “suspicious access” to its code repositories earlier this month. Okta has since concluded that hackers used this malicious access to copy code repositories associated with Workforce Identity Cloud (WIC), the organization’s enterprise-facing security solution.

“As soon as Okta learned of the possible suspicious access, we promptly placed temporary restrictions on access to Okta GitHub repositories and suspended all GitHub integrations with third-party applications,” Okta said in a statement.

When asked by TechCrunch, Okta declined to say how attackers managed to gain access to its private repositories.

Okta says there was no unauthorized access to the Okta service or customer data, and products related to Auth0 — which it acquired in 2021 — are not impacted. “Okta does not rely on the confidentiality of its source code for the security of its services. The Okta service remains fully operational and secure,” Okta said.

The company said that since it was alerted to the breach, it has reviewed recent access to Okta software repositories, reviewed all recent commits to Okta software repositories and rotated GitHub credentials. Okta said it has also notified law enforcement.

Okta did not explicitly say if it has the technical means, such as logs, to detect what, if any, of its own systems were accessed or what other data may have been exfiltrated.

The company’s latest incident was first reported by Bleeping Computer earlier this week, prior to Okta’s announcement.

Earlier this year, Okta was targeted by the now-notorious Lapsus$ extortion group, which gained access to the account of a customer support engineer at Sykes, one of Okta’s third-party service providers, and posted screenshots of Okta’s apps and systems. Okta experienced a second compromise in August this year after it was targeted by another hacking campaign that breached more than 100 organizations, including…

Source…

LAPSUS$ Hacker Group Arrests; Okta Breached – ThreatWire