Data breaches happen around the world, but the US records the most of them, and they hit individuals and giant companies alike. Two of the latest victims are Okta and LastPass, both of which have suffered more than one security incident in the past year. The two incidents are very different in nature, as detailed below.
LastPass hackers steal customer password vaults: In November, LastPass reported a security incident via blog post. The hackers gained access to customer information through a third-party cloud service used by the password manager and its parent company, GoTo.
- LastPass did not reveal the name of the third-party cloud service.
- The hackers used information acquired during another incident in August.
At the time of the report, CEO Karim Toubba did not say what data was stolen, but an update to the blog post stated that “customers’ passwords remain safely encrypted.” It has since been confirmed that the attackers took copies of customers' encrypted password vaults, which hold stored credentials, secure notes, and form-fill data. Not every field in a vault is encrypted: LastPass's own disclosure notes that website URLs are stored in the clear, so even without the master password the attackers can see which sites each customer has accounts on.
- Specifically, the attackers copied a backup of customer vault data from cloud storage, using cloud storage access keys obtained from a LastPass employee.
- There was no clear indication of how recent the backup data was.
What does that mean for LastPass customers? According to LastPass, the vaults are encrypted and can only be opened with the customer's master password, which LastPass itself does not hold. But the attackers now have offline copies of the vault data, so they can guess master passwords as fast as their hardware allows, with no rate limiting or account lockout: each guess is checked locally against the stolen vault, and a correct guess decrypts everything inside it. The practical protection is the entropy of the master password and the cost of the key derivation (LastPass derives the vault key from the master password with PBKDF2), so customers with short, reused, or guessable master passwords are at real risk.
- The hackers also took customer data that included names, emails, phone numbers, and billing info.
- Customers are advised to change their master passwords to something new and unique. Note that this protects only the live vault: the stolen copy stays encrypted under the old master password, so if that one was weak, the passwords stored inside the vault should be rotated at the sites themselves, starting with the most sensitive accounts.
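To make the offline-attack point concrete, here is an added example (not LastPass's code, and not its real vault format, cipher, or verification check) that builds a toy vault whose key comes from PBKDF2-HMAC-SHA256 and then runs a dictionary attack against it without any server in the loop. The salt, master passwords, wordlist, and vault contents are all constructed for the demo; the HMAC-based stream cipher and MAC tag are stand-ins chosen so the block runs with the standard library only.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Constructed toy vault format for illustration only (not LastPass's real
# binary format). PBKDF2-HMAC-SHA256 derives a 32-byte key from the master
# password; an HMAC-SHA256 keystream XORs the plaintext (toy stream cipher);
# an HMAC tag over nonce+ciphertext lets a decryptor distinguish a right
# master-password guess from a wrong one.


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256; `iterations` sets the cost of every guess."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (toy stream cipher, assumption of the demo)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_vault(master_password: str, salt: bytes, iterations: int,
                  plaintext: bytes) -> dict:
    """Produce the blob an attacker would hold after stealing a backup."""
    key = derive_key(master_password, salt, iterations)
    nonce = os.urandom(16)
    ks = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "nonce": nonce,
            "ciphertext": ciphertext, "tag": tag}


def try_open(vault: dict, master_password_guess: str) -> Optional[bytes]:
    """Return the plaintext if the guess is right, else None.
    Everything needed to check a guess is inside the stolen blob itself."""
    key = derive_key(master_password_guess, vault["salt"], vault["iterations"])
    expected = hmac.new(key, vault["nonce"] + vault["ciphertext"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, vault["tag"]):
        return None
    ks = _keystream(key, vault["nonce"], len(vault["ciphertext"]))
    return bytes(c ^ k for c, k in zip(vault["ciphertext"], ks))


def offline_crack(vault: dict, wordlist) -> Optional[tuple]:
    """Dictionary attack on a stolen copy: no server, no lockout, no alerts."""
    for guess in wordlist:
        plaintext = try_open(vault, guess)
        if plaintext is not None:
            return guess, plaintext
    return None


def seconds_per_guess(vault: dict) -> float:
    """Cost of one guess on this machine; scales linearly with iterations."""
    start = time.perf_counter()
    try_open(vault, "not-the-password")
    return time.perf_counter() - start


if __name__ == "__main__":
    # Constructed sample: a weak master password and a small wordlist.
    salt = b"victim@example.com"  # constructed per-account salt
    entry = b"github.com|alice|hunter2"
    weak = encrypt_vault("Summer2022!", salt, 100_100, entry)
    print("cracked:", offline_crack(weak, ["password", "letmein", "Summer2022!"]))
    # A passphrase outside the wordlist survives; the vault only leaks the
    # unencrypted metadata, not the secret fields.
    strong = encrypt_vault("correct horse battery staple 42", salt, 100_100, entry)
    print("cracked:", offline_crack(strong, ["password", "letmein", "Summer2022!"]))
    print("seconds per guess at 100,100 iterations: %.4f" % seconds_per_guess(weak))
```

The `seconds_per_guess` figure is the whole story of PBKDF2: a larger iteration count multiplies the attacker's cost per guess, but it never rescues a master password that appears in a wordlist, which is why the advice to rotate the stored passwords matters when the old master password was weak.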
Okta breach involves its source code: Unlike the LastPass breach, the Okta breach did not directly impact customers. Instead, an unknown actor accessed the company's source code after gaining access to its private GitHub repositories. GitHub notified Okta of the suspicious access, and Okta responded by temporarily restricting access to the repositories and suspending GitHub integrations with third-party applications.
- The hackers copied repositories related to Workforce Identity Cloud (WIC), an enterprise-focused security solution.
- It is unknown exactly how the hackers gained access to the private repositories.
How will the Okta breach affect customers? Okta responded to the breach by reassuring its customers. “Okta does not rely on the confidentiality of its source code for the security of its services. The Okta service remains fully operational and secure.”
The company said there was no unauthorized access to the Okta service itself, and that, to its knowledge, customer data and the Auth0 products were not affected.
Okta’s response: The company alerted law enforcement, reviewed recent commits to and access of the affected repositories, and rotated its GitHub credentials. However, as LastPass shows, the true extent of a breach is often not known at the time of the first disclosure.
Data breaches are all too common: Aside from LastPass and Okta, Uber recently experienced a breach that revealed more than 77,000 employee emails and other data. Additionally, Twilio and many others found themselves the victims of a series of attacks earlier in the year by a group that primarily targeted organizations using Okta.