      Okta hit by another breach, this one stealing employee data from 3rd-party vendor

      news.movim.eu / ArsTechnica · Thursday, 2 November - 21:41

    Identity and authentication management provider Okta has been hit by another breach, this one against a third-party vendor that allowed hackers to steal personal information for 5,000 Okta employees.

    The compromise was carried out in late September against Rightway Healthcare, a service Okta uses to support employees and their dependents in finding health care providers and plan rates. An unidentified threat actor gained access to Rightway’s network and made off with an eligibility census file the vendor maintained on behalf of Okta. Okta learned of the compromise and data theft on October 12 and didn’t disclose it until Thursday, exactly three weeks later.

    “The types of personal information contained in the impacted eligibility census file included your Name, Social Security Number, and health or medical insurance plan number,” a letter sent to affected Okta employees stated. “We have no evidence to suggest that your personal information has been misused against you.”

      Microsoft takes pains to obscure role in 0-days that caused email breach

      news.movim.eu / ArsTechnica · Friday, 14 July, 2023 - 22:19 · 1 minute

    On Friday, Microsoft attempted to explain the cause of a breach that gave hackers working for the Chinese government access to the email accounts of 25 of its customers—reportedly including the US Departments of State and Commerce and other sensitive organizations.

    In a post on Friday, the company indicated that the compromise resulted from three exploited vulnerabilities in either its Exchange Online email service or Azure Active Directory, an identity service that manages single sign-on and multifactor authentication for large organizations. Microsoft’s Threat Intelligence team said that Storm-0558, a China-based hacking outfit that conducts espionage on behalf of that country’s government, exploited them starting on May 15. Microsoft drove out the attackers on June 16 after a customer tipped off company researchers of the intrusion.

    Above all else: Avoid the Z-word

    In standard parlance among security professionals, this means that Storm-0558 exploited zero-days in the Microsoft cloud services. A “zero-day” is a vulnerability that is known to or exploited by outsiders before the vendor has a patch for it. “Exploit” means using code or other means to trigger a vulnerability in a way that causes harm to the vendor or others.

      Plex imposes password reset after hackers steal data for >15 million users

      news.movim.eu / ArsTechnica · Wednesday, 24 August, 2022 - 17:33

    Streaming media platform Plex on Wednesday said it was hacked by intruders who managed to access a proprietary database and make off with password data, usernames, and emails belonging to at least half of its 30 million customers.

    “Yesterday, we discovered suspicious activity on one of our databases,” company officials wrote in an email sent to customers. “We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords.”

    The email said that the passwords were “hashed and secured in accordance with best practices,” meaning the passwords were cryptographically scrambled in a way that requires attackers to devote additional resources to crack the hashes and revert them back to their plaintext state. A Plex spokesperson said that the passwords were hashed using bcrypt, among the strongest algorithms for protecting passwords. bcrypt automatically applies what's known as cryptographic salting and peppering to make cracking harder.