Deep Dive – OKTA Data Breach

Infographic Threat Talks - Security and Compliance

OKTA Data Breach

Even security providers aren’t immune. How does a company specializing in Identity and Access Management like OKTA suffer a data breach? In this case, a service account password was inadvertently saved by an OKTA employee to their personal Google account, which led to the credentials being leaked. This incident exposed a significant gap in compliance and highlighted how human error can result in even the most well-respected cybersecurity companies being compromised. In our latest Deep Dive, Tim Timmermans (CISO ON2IT) and Rob Maas (Field CTO ON2IT) join host Lieuwe Jan Koning to unpack how this breach occurred, and what lessons we can all learn from it. If even cybersecurity companies are vulnerable, how can you ensure your organization stays protected?

Infographic

For a complete overview of the Accellion FTA breach and other attacks featured in the Bridging the Gap: Compliance and Security Threat Talks, download the infographic.

Your cybersecurity experts

Lieuwe Jan Koning

Co-Founder and CTO, ON2IT Group

Rob Maas

Field CTO, ON2IT

Tim Timmermans

CISO the Netherlands, ON2IT

Episode details

When customer support gets hacked

In October 2023, OKTA—a leader in Identity and Access Management (IAM)—faced a security incident due to a mix of compliance issues and human error. It all started when an OKTA employee, while logged into their personal Google account, accidentally saved a service account password through Chrome.

The breach was uncovered when companies like 1Password, BeyondTrust, and Cloudflare flagged suspicious activity to OKTA.

For this Deep Dive into the OKTA data breach, host Lieuwe Jan Koning is joined by CISO Tim Timmermans and Field CTO Rob Maas of ON2IT.

Rob walks us through all the steps the attacker took: from how the credentials were likely leaked after the employee saved them to his personal Google account, to how the login details were then used to extract HAR files.

Tim explains what could have been done differently: had OKTA employed controls like MFA and better endpoint protection, this attack could’ve easily been prevented.

Curious what steps could’ve been taken? Tune in for this Deep Dive and find out!

Stay up-to-date on cybersecurity threats

Subscribe to our Spotify channel for deep dives into the dynamic world of cybersecurity. Stay informed, and stay secure!
