Okta warns of "unprecedented" credential stuffing attacks on customers
Okta warns of an "unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks.
Cloudflare’s investigation of the January 2022 Okta compromise
Today, March 22, 2022 at 03:30 UTC we learnt of a compromise of Okta. We use Okta internally for employee identity as part of our authentication stack. We have investigated this compromise carefully and do not believe we have been compromised as a result. We do not use Okta for customer accounts; customers do not need to take any action unless they themselves use Okta.
Cloudflare’s investigation of the January 2022 Okta compromise
Today, March 22, 2022 at 03:30 UTC we learnt of a compromise of Okta. We use Okta internally for employee identity as part of our authentication stack. We have investigated this compromise carefully and do not believe we have been compromised as a result. We do not use Okta for customer accounts; customers do not need to take any action unless they themselves use Okta.
Cloudflare’s investigation of the January 2022 Okta compromise
Today, March 22, 2022 at 03:30 UTC we learnt of a compromise of Okta. We use Okta internally for employee identity as part of our authentication stack. We have investigated this compromise carefully and do not believe we have been compromised as a result. We do not use Okta for customer accounts; customers do not need to take any action unless they themselves use Okta.
Thanksgiving 2023 security incident
On Thanksgiving Day, November 23, 2023, Cloudflare detected a threat actor on our self-hosted Atlassian server. Our security team immediately began an investigation, cut off the threat actor’s access, and no Cloudflare customer data or systems were impacted by this event.
Cloudflare’s investigation of the January 2022 Okta compromise
Today, March 22, 2022 at 03:30 UTC we learnt of a compromise of Okta. We use Okta internally for employee identity as part of our authentication stack. We have investigated this compromise carefully and do not believe we have been compromised as a result. We do not use Okta for customer accounts; customers do not need to take any action unless they themselves use Okta.
Okta reveals additional attackers' activities in October 2023 Breach
Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach.
Cloudflare’s investigation of the January 2022 Okta compromise
Today, March 22, 2022 at 03:30 UTC we learnt of a compromise of Okta. We use Okta internally for employee identity as part of our authentication stack. We have investigated this compromise carefully and do not believe we have been compromised as a result. We do not use Okta for customer accounts; customers do not need to take any action unless they themselves use Okta.
Introducing HAR Sanitizer: secure HAR sharing
As a follow-up to the most recent Okta breach, we are making a HAR file sanitizer available to everyone, not just Cloudflare customers, at no cost.
Tracking Unauthorized Access to Okta's Support System
Okta Security has identified adversarial activity that leveraged access to a stolen credential to access Okta's support case management system. The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases. It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted. In addition, the Auth0/CIC case management system is not impacted by this incident.
Okta incident and 1Password | 1Password
We detected suspicious activity on our Okta instance that we use to manage our employee-facing apps. We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing.
1Password Detects Suspicious Activity Following Okta Support Breach
1password detected suspicious activity following the Okta support system breach. After investigation, they determined no user data was accessed.
Okta stock falls after company says client files accessed by hackers via support system
Cybersecurity firm Okta said an unidentified hacker had accessed the company's support system and viewed client files.
How Cloudflare mitigated yet another Okta compromise
On Wednesday, October 18, 2023, we discovered attacks on our system that we were able to trace back to Okta. We have verified that no Cloudflare customer information or systems were impacted by this event because of our rapid response.
Okta customers targeted in social engineering scam
Help desk staff duped into resetting MFA on Okta super admin accounts, allowing threat actors to move laterally across targeted organizations.
Cloudflare’s investigation of the January 2022 Okta compromise
Today, March 22, 2022 at 03:30 UTC we learnt of a compromise of Okta. We use Okta internally for employee identity as part of our authentication stack. We have investigated this compromise carefully and do not believe we have been compromised as a result. We do not use Okta for customer accounts; customers do not need to take any action unless they themselves use Okta.
Okta's source code stolen after GitHub repositories hacked
In a 'confidential' email notification sent by Okta and seen by BleepingComputer, the company states that attackers gained access to its GitHub repositories this month and stole the company's source code.
Detecting Scatter Swine: Insights into a relentless phishing campaign
Twilio recently identified unauthorized access to information related to 163 Twilio customers, including Okta.
Roasting 0ktapus: The phishing campaign going after Okta identity credentials
Over 130 organizations have been compromised in a sophisticated attack using simple phishing kits
New Lapsus$ Hack Documents Make Okta’s Response Look More Bizarre
Documents shed some light on how Okta and its subprocessor Sitel reacted to a breach, but they don’t explain the apparent lack of urgency.
A Closer Look at the LAPSUS$ Data Extortion Group
Microsoft and identity management platform Okta both this week disclosed breaches involving LAPSUS$, a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish it unless a ransom demand is paid. Here’s a closer look at LAPSUS$, and some of the low-tech but high-impact methods the group uses to gain access to targeted organizations.
Cloudflare’s investigation of the January 2022 Okta compromise
Today, March 22, 2022 at 03:30 UTC we learnt of a compromise of Okta. We use Okta internally for employee identity as part of our authentication stack. We have investigated this compromise carefully and do not believe we have been compromised as a result. We do not use Okta for customer accounts; customers do not need to take any action unless they themselves use Okta.
Piratage Okta : 375 des clients concernés par l'attaque de Lapsus$
La société affirme qu'un "petit pourcentage" de clients, 2,5 %, aurait pu voir ses données consultées ou faire l'objet d'une action de la part des pirates spécialisés dans le ransomware.
Updated Okta Statement on LAPSUS$
This update was posted at 6:31 PM, Pacific Time. As we shared earlier today, we are conducting a thorough investigation into the recent LAPSUS$ claims and any impact on our valued customers. The Okta service is fully operational, and there are no corrective actions our customers need to take.
Piratage d'Okta : l'entreprise admet enquêter, LAPSUS$ revendique
Le groupe cybercriminel LAPSUS$ a publié des captures d'écran montrant ce qu'il prétend être des éléments de l'environnement informatique interne de l'entreprise.
Okta's source code stolen after GitHub repositories hacked
In a 'confidential' email notification sent by Okta and seen by BleepingComputer, the company states that attackers gained access to its GitHub repositories this month and stole the company's source code.
Detecting Scatter Swine: Insights into a relentless phishing campaign
Twilio recently identified unauthorized access to information related to 163 Twilio customers, including Okta.
Roasting 0ktapus: The phishing campaign going after Okta identity credentials
Over 130 organizations have been compromised in a sophisticated attack using simple phishing kits
New Lapsus$ Hack Documents Make Okta’s Response Look More Bizarre
Documents shed some light on how Okta and its subprocessor Sitel reacted to a breach, but they don’t explain the apparent lack of urgency.
A Closer Look at the LAPSUS$ Data Extortion Group
Microsoft and identity management platform Okta both this week disclosed breaches involving LAPSUS$, a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish it unless a ransom demand is paid. Here’s a closer look at LAPSUS$, and some of the low-tech but high-impact methods the group uses to gain access to targeted organizations.