You Won’t Believe How Okta Got Pwned

You might recall that Okta’s support systems were pwned by hackers. That led to Okta customers getting pwned shortly thereafter. Well, you won’t believe how Okta got pwned. Here are the details:

The unauthorized access to Okta’s customer support system leveraged a service account stored in the system itself. This service account was granted permissions to view and update customer support cases. During our investigation into suspicious use of this account, Okta Security identified that an employee had signed in to their personal Google profile on the Chrome browser of their Okta-managed laptop. The username and password of the service account had been saved into the employee’s personal Google account. The most likely avenue for exposure of this credential is the compromise of the employee’s personal Google account or personal device.
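The exposure path Okta describes is a browser-sync problem: a Chrome profile signed in to a personal Google account will happily sync saved passwords, so a work credential typed into the browser ends up wherever that personal account goes. On a managed laptop the controls that close that path are Chrome enterprise policy settings, and the script below audits a policy for them. It is an added example, not Okta’s code or anything from this post; the two policy dictionaries are constructed illustrations, the `corp.example` sign-in pattern is a placeholder, and the policy names (`BrowserSignin`, `RestrictSigninToPattern`, `SyncDisabled`, `SyncTypesListDisabled`, `PasswordManagerEnabled`) and the Linux managed-policy directory are Chrome’s own.

```python
"""Audit a Chrome enterprise policy for the settings that let a work
credential flow into a personal Google account through browser sync.
Added example; the sample policies below are constructed, not real."""
import glob
import json
import os

# Chrome reads managed policy from this directory on Linux.
MANAGED_POLICY_DIR = "/etc/opt/chrome/policies/managed"

# Constructed loose policy: nothing stops an employee signing Chrome into
# a personal Google account and syncing saved passwords to it.
WEAK_POLICY = {
    "BrowserSignin": 1,            # 1 = browser sign-in allowed, any Google account
    "SyncDisabled": False,         # Chrome Sync on, passwords included
    "PasswordManagerEnabled": True,
}

# Constructed hardened policy: sign-in limited to the managed domain
# (placeholder pattern), sync off, browser password manager off.
HARDENED_POLICY = {
    "BrowserSignin": 1,
    "RestrictSigninToPattern": r".*@corp\.example",
    "SyncDisabled": True,
    "PasswordManagerEnabled": False,
}


def audit_chrome_policy(policy):
    """Return a list of (code, message) findings for the given policy dict.

    An empty list means every path this check knows about is closed.
    Defaults mirror Chrome's own: sign-in enabled, sync enabled,
    password manager enabled.
    """
    findings = []

    # Path 1: a personal Google account can become the browser's primary account.
    signin = policy.get("BrowserSignin", 1)
    if signin != 0 and not policy.get("RestrictSigninToPattern"):
        findings.append((
            "PERSONAL_SIGNIN",
            "Any Google account, including personal ones, can sign in to the "
            "browser; set BrowserSignin to 0 or RestrictSigninToPattern to the "
            "managed domain",
        ))

    # Path 2: saved passwords are synced to whatever account is signed in.
    sync_disabled = bool(policy.get("SyncDisabled", False))
    password_sync_off = "passwords" in policy.get("SyncTypesListDisabled", [])
    if not sync_disabled and not password_sync_off:
        findings.append((
            "PASSWORD_SYNC",
            "Saved passwords can sync to the signed-in Google account; set "
            "SyncDisabled to true or add 'passwords' to SyncTypesListDisabled",
        ))

    # Path 3: the browser stores credentials at all (use an enterprise vault instead).
    if policy.get("PasswordManagerEnabled", True):
        findings.append((
            "BROWSER_PW_MANAGER",
            "Chrome's built-in password manager can store credentials; set "
            "PasswordManagerEnabled to false on managed devices",
        ))
    return findings


def load_managed_policy(directory=MANAGED_POLICY_DIR):
    """Merge every *.json file in the managed-policy directory into one dict.

    In this helper, keys in later (alphabetically) files overwrite earlier
    ones; that is this script's simplification, not a statement about how
    Chrome itself resolves conflicting files.
    """
    merged = {}
    for path in sorted(glob.glob(os.path.join(directory, "*.json"))):
        with open(path, encoding="utf-8") as fh:
            merged.update(json.load(fh))
    return merged


if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(f"[{name}] {len(audit_chrome_policy(pol))} finding(s)")
        for code, msg in audit_chrome_policy(pol):
            print(f"  {code}: {msg}")
    if os.path.isdir(MANAGED_POLICY_DIR):
        print("[this host]", audit_chrome_policy(load_managed_policy()))
```

Run it as-is to see the weak policy produce three findings and the hardened one none; on a Linux machine with Chrome managed policy in place it also audits the host’s own policy files. The check is deliberately conservative: it treats a missing key as Chrome’s default, which is the permissive setting in every case above.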

That’s not good, for a specific reason I’ll get to in a second. Anurag Gurtu, Chief Product Officer at StrikeReady, had this to say:

“The recent security breach at Okta serves as a stark reminder of the potential vulnerabilities that can arise from seemingly innocuous practices, like using personal accounts on company devices. This incident underscores the critical need for organizations to reinforce their cybersecurity policies and ensure that employees are fully aware of the risks associated with mixing personal and professional digital activities.

It’s also a call to action for companies to continuously monitor and manage access privileges, and to deploy multi-layered security measures that can detect and mitigate unauthorized access promptly. Effective cybersecurity is not just about having the right tools; it’s about instilling the right discipline and awareness at every level of the organization. As we assist our clients in navigating their cybersecurity landscape, incidents like these are invaluable learning opportunities to fortify their defenses and prepare for the inevitability of human error.”

Okta said the breach impacted 134 customers, representing less than 1% of all their customers. Not that it matters, because one affected customer is one too many. But to me, it really feels that Okta is throwing the employee under the bus here for having a support system that was clearly vulnerable to attack. Honestly, I think Okta needs to do better here for themselves and, more importantly, for their customers.
