Okta's recent security events


Hello again, all my security superheroes! 🦸🏻‍♀️ My apologies for the delay between blogs, but I went down a rabbit hole of “Okta's recent security events”, and this will be ProzzessTec’s first multi-part blog! 🎉

This write-up will be the first of four in the series. It will cover Okta's most recent event, which cost two billion dollars in market capitalization. 💰💰 For a quick summation of the event… an office support agent’s account was compromised, and that account was used to request legitimate session tokens. The session tokens are a legitimate way for a support agent to gain access to a client's account. It’s Okta’s process for providing support to their clientele.

The write-ups of this event all point to a lack of response from Okta. Boooooooooooo...👻 Normally I am a little gun-shy 🔫 to shoot a trusted security tool, but let's face it...there are some actions that deserve a 2 billion loss in market capitalization...Sadly, Okta's lack of security gravitas in this case showcases how important it is to handle your biz! 🏦

Please feel free to read about it 🔗 here for the overview! A little more detail can be found 🔗 here!

 

To summarize the articles...and to paint a decent picture as to why Okta lost 2 billion in market cap...

1) Okta support account was compromised

2) 1Password, BeyondTrust, and Cloudflare contact Okta to advise that Okta has an issue with a bad actor. (Not a big deal, this happens...the correct next step is to acknowledge the problem and fix it...so what does Okta do?)

3) Okta waits at LEAST 2 weeks (Of all the things that Okta could have done, waiting two weeks is going to be near the bottom of that list, second only to formatting all systems and starting from scratch!) 🙈

WEEKS! Within a few minutes, a hacker can gain access to most of your landscape (Scripts, gotta love 'em)...allowing them to flourish for WEEKS though!!!??? Yeah...that's bad. If you were to ask me, it's about as bad as 2 billion in market cap loss! 👎

4) Okta finally fixes things and communicates with their clients. We are now in this stage of the game.

 

Prozess-wise...no gold star today. 😥 Okta missing the opportunity to safeguard their clients by keeping quiet is something that we should not accept from our security vendors… Our security vendors' primary job is to keep us safe… When that fails (all security will fail… any security plan without fallback options once your perimeter is breached is not a good security plan), their second job is to report, remediate, and communicate that all is well. If our security vendors don't warn us, it allows bad actors free rein on our systems. 🥷

How to protect ourselves? The way 1Password/BeyondTrust/Cloudflare handled it was near perfect… 🏆 They had systems in place that alerted when something "not normal" was happening. Once they discovered the anomaly was indeed a true positive event… they shut down the bad actor's access and contacted Okta.

1Password, BeyondTrust, and Cloudflare's mix of systems and process was able to identify a bad actor on someone else's system… That's pretty awesome! Great job, team!

So the gold star ⭐️ winners today as it pertains to Okta's security breach are...1Password/BeyondTrust/Cloudflare! 🎉

 

Contact us to learn more on how to keep your cybersecurity guards up
