back to article 1Password confirms attacker tried to pull list of admin users after Okta intrusion

1Password is confirming it was attacked by cyber criminals after Okta was breached for the second time in as many years, but says customers' login details are safe. The outfit said the attack was initially detected on September 29 by a member of 1Password's IT team after they received an email indicating that they had ordered …

  1. Alistair

    Sanitizing things

    Okta recommends sanitizing all credentials and cookies/session tokens

    .... I had to go find the details on what is or how to create a HAR file. Okay -- yeah -- might wanna prowl through that to get rid of the fun details. That said, Okta need to manage that stuff better, logs/cases and keys to be used are not hard things to implement, even on a blind FTP server.

    1. Anonymous Coward
      Anonymous Coward

      Re: Sanitizing things

      NOTE: Okta asks for these support files regularly, but doesn't provide tools to help scrub the data, and only recently added the suggestion the customer do so. They also didn't check the data itself, warn customers who submitted confidential information in the clear, or store it securely.

      Is victim blaming a primary strategy you want in a security provider you are trusting with the keys to your kingdom?

  2. mpi Silver badge

    Once again a gentle reminder...

    ...that the word "cloud" has two primary meanings:

    a) A large amount of water, either in gaseous form or as microdroplets, usually in the lower atmosphere

    b) Someone elses computer.

    That is all.

  3. TheGriz

    Cloud Schmoud, most end users if pressed for an answer, can't even tell you what "THE CLOUD" is.

    It's basically a MADE UP noun. I'd like to know who was the first person to USE this made up word, and learn how it gained so much traction to become what it is today, mainly a noun for the ignorant, so they don't know that Google, Amazon, and Microsoft don't have to explain that it means, hey come use "OUR SERVERS" instead of running your own server infrastructure, and the best part? We get to charge you out the arse for it.

    1. CrazyOldCatMan Silver badge

      Re: Cloud Schmoud, most end users if pressed for an answer, can't even tell you what "THE CLOUD" is.

      It's basically a MADE UP noun

      It's got a fairly defined meaning: "I don't really know where my data actually is or who has access to it"

    2. Anonymous Coward
      Anonymous Coward

      Re: Cloud Schmoud, most end users if pressed for an answer, can't even tell you what "THE CLOUD" is.

      > It's basically a MADE UP noun

      You do realize that all words are MADE UP, right?

  4. aerogems Silver badge

    Common source

    Seems like Okta is the common denominator in all of these stories. After the story BeyondTrust relayed, about how they noticed something going on, ask Okta if they are seeing it on their end, and getting nowhere until they escalate several times... I'd be looking for a new SSO vendor. Them having some issues is one thing, but when you are in the middle of a breach and they go radio silent on you, that's unacceptable in my book.

  5. Abominator

    What a cluster

    Otka are a clusterfuck of an organisation.

  6. Kevin McMurtrie Silver badge

    The cursed workflow

    Step 1) Log into a secure system while recording

    Step 2) Reproduce bug

    Step 3) Post the HAR file in a bug report ticket

    Step 4) Experts notice the production password was broadcast via ticketing updates

    Step 5) Delete the password from the ticket

    Step 6) Everyone says the production password was broadcast via ticketing updates, this time it's highlighted red in a diff with a comment saying it was a production password

    Mix this with a chain of cloud authentication managers and the world is doomed.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like