Mondays are for checking months of logs, apparently, if MFA's not enabled
Okta warns of an "unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks.
On Thanksgiving Day, November 23, 2023, Cloudflare detected a threat actor on our self-hosted Atlassian server. Our security team immediately began an investigation, cut off the threat actor’s access, and no Cloudflare customer data or systems were impacted by this event.
Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach.
As a follow-up to the most recent Okta breach, we are making a HAR file sanitizer available to everyone, not just Cloudflare customers, at no cost.
Okta Security has identified adversarial activity that leveraged access to a stolen credential to access Okta's support case management system.
The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases. It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted. In addition, the Auth0/CIC case management system is not impacted by this incident.
We detected suspicious activity on our Okta instance that we use to manage our employee-facing apps. We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing.
1password detected suspicious activity following the Okta support system breach. After investigation, they determined no user data was accessed.
Cybersecurity firm Okta said an unidentified hacker had accessed the company's support system and viewed client files.
On Wednesday, October 18, 2023, we discovered attacks on our system that we were able to trace back to Okta. We have verified that no Cloudflare customer information or systems were impacted by this event because of our rapid response.
Help desk staff duped into resetting MFA on Okta super admin accounts, allowing threat actors to move laterally across targeted organizations.
In a 'confidential' email notification sent by Okta and seen by BleepingComputer, the company states that attackers gained access to its GitHub repositories this month and stole the company's source code.
Twilio recently identified unauthorized access to information related to 163 Twilio customers, including Okta.
Over 130 organizations have been compromised in a sophisticated attack using simple phishing kits
Documents shed some light on how Okta and its subprocessor Sitel reacted to a breach, but they don’t explain the apparent lack of urgency.
Microsoft and identity management platform Okta both this week disclosed breaches involving LAPSUS$, a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish it unless a ransom demand is paid. Here’s a closer look at LAPSUS$, and some of the low-tech but high-impact methods the group uses to gain access to targeted organizations.
Today, March 22, 2022 at 03:30 UTC we learnt of a compromise of Okta. We use Okta internally for employee identity as part of our authentication stack. We have investigated this compromise carefully and do not believe we have been compromised as a result. We do not use Okta for customer accounts; customers do not need to take any action unless they themselves use Okta.
La société affirme qu'un "petit pourcentage" de clients, 2,5 %, aurait pu voir ses données consultées ou faire l'objet d'une action de la part des pirates spécialisés dans le ransomware.
This update was posted at 6:31 PM, Pacific Time.
As we shared earlier today, we are conducting a thorough investigation into the recent LAPSUS$ claims and any impact on our valued customers. The Okta service is fully operational, and there are no corrective actions our customers need to take.
Le groupe cybercriminel LAPSUS$ a publié des captures d'écran montrant ce qu'il prétend être des éléments de l'environnement informatique interne de l'entreprise.
