Blackbit uses Okta's cloud software for identity and access management. After the cyber attack on Okta, many users are worried. Blackbit is not affected, but has nevertheless reacted as a precaution.
Reports on the web have been pouring in over the past few days. After a hacker attack on the Californian company Okta, developers, software users and their customers are rightly asking whether the data they store there is safe. After all, Okta helps companies manage and secure user authentication in applications, both for customers and for internal purposes. It is no wonder that reports of potential security risks in such a sensitive area are causing uncertainty across the industry.
After the hacker collective LAPSUS$ published screenshots of Okta's internal application SuperUser on March 22, 2022, the company immediately issued a statement on the incident.
The application called SuperUser, to which the fledgling hacker collective LAPSUS$ was able to gain access, is used by Okta's support engineers to handle basic administrative functions for Okta customers. Access at the support-engineer level is therefore limited to the basic tasks needed to handle incoming service requests. Support engineers use a variety of tools to do their jobs, including Okta's instances of Jira, Slack, Splunk, RingCentral, and support tickets in Salesforce.
Support engineers have limited privileges in the SuperUser application because it is built on a least-privilege model: each engineer is granted only the access actually needed to perform their tasks.
The mere fact that an external attack on a company specializing in access security and management succeeded at all is rightly worrying the company's customers. However, in his statement, David Bradbury, Chief Security Officer at Okta, was able to provide credible assurances that the access obtained was at the lowest privilege level and did not result in any compromise of customer accounts.
Okta has also communicated transparently the exact sequence of events, how the incident was perceived internally, what actions have already been taken, and what further steps are still pending in the incident's resolution. For companies that want to analyze the attack on their own, Okta will also provide a detailed report listing all activities recorded during the period of the attack.
The accounts Blackbit manages via Okta, and all data associated with them, are secure. This was the result of an immediate audit of our accounts. Nevertheless, we preemptively reset the access credentials of all of our more than 50 team members, as well as all administrator credentials for exposed customer applications. This preventive response to the incident was quick and efficient to implement, thanks in large part to our use of centralized security applications.
After a thorough, independent review of the incident, Blackbit continues to rely on the technology and services of the San Francisco-based company, which Gartner's Magic Quadrant ranks among the undisputed leaders in access management.
Blackbit is nevertheless keeping a close eye on the security of customer data at the moment, not only because of the Okta attack but also in view of the war in Ukraine. If, despite our all-clear, you still have questions about the security of your data and applications, please feel free to contact us directly.