The largest supply chain hack of the year has caught out some companies, but others have been luckier – here’s what saved Okta from joining the list.
While several security and connectivity firms have been forced to come out this past week as victims of a widespread supply chain hack, identity management firm Okta was able to step up and proudly say it dodged the bullet.
“A recent security incident involving the compromise of Salesloft Drift, a popular marketing automation tool, has affected a large number of organisations,” Okta said in a September post to its newsroom.
“This incident has impacted many of our technology peers. These events naturally raise questions for our customers and partners: ‘Was Okta impacted?’ and ‘What is Okta doing to protect our data?’
“The answer is no, in case you were wondering.
“Our security team thoroughly investigated our systems and confirmed that while we observed evidence of attempts to access our resources using stolen tokens, our defences worked as designed to prevent a breach.”
As a rule, Okta enforces restrictions on inbound IP addresses, which means that when it was targeted – and Okta admits it was – the threat actor was blocked before they could even gain access to the network.
Cyber security and systems management firm Tanium, however, did not have the opportunity for a humble brag; it, too, recently disclosed that it had been impacted by the hack.
“We were recently notified that the attackers had obtained Tanium credentials from Salesloft Drift and may have been able to access Tanium’s Salesforce data,” Tanium said in a 28 August blog post.
“Based on our investigation, the threat actors had limited access to our Salesforce data and the impact of their unauthorised access to Salesloft Drift was limited to Salesforce and no other Tanium systems.”
According to Tanium, the only data compromised was “commonly available business contact information”, such as names, business emails, phone numbers, and location data.
“At this time, Tanium has no evidence that any of our customers’ information has been misused,” Tanium said.
“However, we wanted to notify you about this incident so you can take the necessary precautions.”
Like many other victims, Tanium disabled Salesloft Drift’s access to its Salesforce data and launched a full investigation to understand the incident and prevent similar ones.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.