1Passowrd is one of the largest password management companies in the world. He revealed the fact that he had suffered a hacker attack and it appears to have arrived directly after the Okta breach.
1Password suffers a hacker attack: here’s what happened
To better explain what happened, here is what the 1Password CTO Pedro Canahuati. “On September 29, we detected suspicious activity on our Okta instance. Instance we use to manage our employee-facing apps,” 1Password CTO Pedro Canahuati wrote in an email. “We immediately stopped the activity, we then investigated and found no compromise of user data or other sensitive systems, whether employee- or user-facing,” Ars Technica reports.
The CTO further added that 1Passowrd investigated how the attackers managed to carry out this hack and thus breach the systems. To better explain what happened, identity management and authentication services provider Okta revealed news of a hacker who breached its customer support case management system, using means still unknown to him.
hacker attack asl rome 3 tech princess
Hacking of an IT employee
Once inside, the hacker managed to obtain files uploaded by his clients, which often included authentication cookies and session tokens. These files can be used to bypass not only login credentials, but also multi-factor authentication (MFA), granting attackers access to various tools and services.
The problem was first identified by IT security experts belonging to BeyondTrust. This came after one of his customers reported oddities in his network immediately after being in communication with Okta.
The hackers managed to obtain a HAR file uploaded to Okta by one of its IT employees. The file contained a log of all traffic from the 1Password employee’s browser and the Okta server. Session cookies were included here, but 1Password would not discuss the authenticity of the report.
It appears that the hacker attack was aimed at the IT employee’s Okta dashboard, but was unsuccessful. Finally, they requested a report on admin users, of which all admins were informed.