Introduction
Have you heard about Okta?
Even if you haven’t, you still might have been affected by the large-scale breach on their systems which rocked the tech community on 19 October, 2023.
Okta is a third-party service which provides companies, like your own for example, with multi-factor authentication and other secure biometric identification and single sign-on tools.
You can imagine how fast a breach on those services can go badly.
Behind the Breach on Okta
This is how quickly one single, swift lapse in security awareness can trigger a tidal wave of consequence: One Okta employee signed into their personal Google account on their company-issued laptop. Because their professional login credentials were saved to the same Chrome browser, their work accounts were accessible too.
This case perfectly encapsulates why it’s important to keep your work and personal accounts SEPARATE. Personal devices and accounts are notoriously less secure than the ones you use for work. It’s not because you treat one with more care; rather, consider how many defenses you have on your work computer versus your personal laptop.
Does your job have regulations that require you to use virtual private networks when you’re logging in from somewhere besides the office? Do you have to use more multi-factor authentication? Can you download any app you want, or is that regulated by your IT team? Are your firewalls still set to default, or have the settings been customized to maximize both safety and efficiency?
Typically, work computers and accounts are more secure simply because you have a dedicated security team whose job it is to enforce cybersecurity and compliance. When it’s all up to you, it’s easier for small mistakes to create big problems.
What Happened to Okta?
After a breach, it’s critical to communicate the extent of the damages to those who may have been affected. Depending on regulations in your industry and locale, the service that was breached may also have to report to government or industry organizations. For example, banks have to report breaches to the FTC within thirty days; likewise, HIPAA violations must be disclosed to affected parties within sixty days.
Once the threat actors successfully breached Okta’s internal systems, they stole session token from customer support chat files that were saved to the company server. From those tokens, the hackers were able to hijack legitimate administrative accounts. From there, they breached Okta sessions with various companies that use the service.
When Okta discovered the breach on files linked to 134 customers, they notified the affected parties and began protocol to patch the vulnerability and prevent similar breaches going forward.
What Does This Mean for The Customers’ Privacy?
Keep in mind that although they acted swiftly after the breach was discovered, the threat actors are estimated to have been in the system for three weeks before they were found out. Customer data was accessed all the while.
So yes, you will be notified if a breach occurs on your private data from any company to which you’ve entrusted that information…but that only secures your accounts after the damage is done.
While there are services to help remediate some of the damage post-attack, it’s important to take steps to protect your data EVERY DAY.
- For starters, employ Dark Web Monitoring services, like ours, to immediately detect your personally identifiable information in the dark marketplace.
- Understand how to most efficiently and securely manage third-party suppliers and risks.
- Assess your accounts, networks and systems so you can notice and report suspicious activity immediately.
- Really research third-party services before using them, just like you would with any website or program.
- Stay up to date with news alerts from any company that has your personal information; that way you’ll know right away if they announce a security breach.
In this day and age, data breaches are well-night inevitable…but you do have defenses to protect your private information.
References
- https://krebsonsecurity.com/2023/10/hackers-stole-access-tokens-from-oktas-support-unit/
- https://www.techradar.com/pro/security/okta-says-a-single-employee-using-a-personal-device-and-email-account-was-to-blame-for-its-hack
- https://www.helpnetsecurity.com/2023/11/06/okta-support-compromised-service-account/
- https://www.scmagazine.com/news/okta-breach-linked-to-workers-personal-google-account
