UPDATED 16:16 EDT / NOVEMBER 03 2023


Okta reveals hackers accessed 134 customers’ data in support system breach

Okta Inc. today disclosed that hackers had stolen data belonging to 134 of its customers, and launched cyberattacks against five of them, following a breach of its technical support system.

Nasdaq-listed Okta provides a cloud platform that companies use to process login requests to their applications. The platform also eases related tasks such as managing user account data. Okta generated $556 million in revenue last quarter, 23% more than the same time a year earlier.

The data theft the company detailed this morning occurred during a breach that first came to its attention in late September. Okta disclosed the incident on Oct. 20, but didn’t share detailed information about its cause or scope. In a blog post published this morning, Okta Chief Security Officer David Bradbury shared an overview of the breach.

The company first caught wind of the hack when customer AgileBits Inc., the developer of the popular 1Password password manager, reported suspicious activity to its support team. Over the following days, two more customers filed similar reports. Okta investigated the matter and determined that hackers had breached a system it relies on to process users’ technical support tickets.

Before their access was blocked, the cybercriminals accessed 134 customers’ information. According to Okta, the stolen data included a number of session tokens that have so far been used to launch cyberattacks against five of its customers.

A session token is a piece of data in which an application keeps information about a user's logged-in session. If hackers steal such tokens, they can in some cases use them to log into legitimate users’ application accounts. One Okta customer, cybersecurity company BeyondTrust Inc., reported that hackers had created an administrator account in its network using a stolen session token but failed to access any internal workloads.

Okta determined that the hackers gained access to its support system through a compromised service account. The associated username and password were saved to a personal Google account by an employee, which may have set the stage for the cyberattack. “The most likely avenue for exposure of this credential is the compromise of the employee’s personal Google account or personal device,” Bradbury detailed in today’s blog post.

In response to the breach, Okta has rolled out a policy that blocks employees from logging into their corporate computers using personal Google accounts. The company also upgraded the breach detection mechanism in its support ticket system. For good measure, Okta is rolling out a new feature for customers of its platform that will make their administrator accounts more secure.

The breach detailed today is one of several cybersecurity incidents the company has experienced over the past two years. Earlier this week, Okta disclosed that cybercriminals had stolen data belonging to nearly 5,000 of its employees after hacking an external supplier. Previously, the company disclosed a breach that affected several of its internal GitHub repositories. 
