1Password has revealed it has suffered a security incident as a result of Okta’s support system breach.
On October 20, 2023, Okta announced it had suffered a breach of its support case management system:
Okta Security has identified adversarial activity that leveraged access to a stolen credential to access Okta’s support case management system.
The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases. It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted. In addition, the Auth0/CIC case management system is not impacted by this incident.
1Password has confirmed that it suffered a security incident that is directly a result of Okta’s breach:
We detected suspicious activity on our Okta instance related to their Support System incident. After a thorough investigation, we concluded that no 1Password user data was accessed.
On September 29, we detected suspicious activity on our Okta instance that we use to manage our employee-facing apps. We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing.
Since then, we’ve been working with Okta to determine the initial vector of compromise. As of late Friday, October 20, we’ve confirmed that this was a result of Okta’s Support System breach.
Despite the incident, it is good news that no user data was accessed.