Okta one-time MFA passcodes exposed in Twilio cyberattack

By Ionut Ilascu August 28, 2022 01:15 PM
he threat actor behind the Twilio hack used their access to steal one-time passwords (OTPs) delivered over SMS from customers of Okta identity and access management company.

Okta provides its customers with multiple forms of authentication for services, including temporary codes delivered over SMS through Twilio.

With access to the Twilio console, the threat actor could see mobile phone numbers and OTPs belonging to Okta customers.
Using Twilio to search for OTPs

On August 4, cloud communications company Twilio discovered that an unauthorized party gained access to its systems and information belonging to its customers.

At the time, one of the services Okta used for customers opting for SMS as an authentication factor was provided by Twilio.

On August 8, Okta learned that the Twilio hack exposed “unspecified data relevant to Okta” and started to route SMS-based communication through a different provider.

Using internal system logs from Twilio’s security team, Okta was able to determine that the threat actor had access to phone numbers and OTP codes belonging to its customers.

“Using these logs, Okta’s Defensive Cyber Operations’ analysis established that two categories of Okta-relevant mobile phone numbers and one-time passwords were viewable during the time in which the attacker had access to the Twilio console” – Okta

The company notes that an OTP code remains valid for no more than five minutes.

When it comes to the threat actor’s activity in the Twilio console regarding its customers, Okta distinguishes between “targeted” and “incidental exposure” of phone numbers.

The company says that the intruder searched for 38 phone numbers, almost all of them associated with one organization, indicating interest in gaining access to that client’s network.

Article ( https://www.bleepingcomputer.com/news/security/okta-one-time-mfa-passcodes-exposed-in-twilio-cyberattack/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”