Insecurity in the shadows: New data on the hidden risks of non-human identities

The role of NHIs in real-world attacks

Attackers target non-human identities (NHIs) for lateral movement because of their high-access privileges, low visibility, and protection challenges. Even better for attackers, in many cases NHIs fly under the radar of security and identity teams, who don’t even know they exist.

1. API key or token theft

Internet Archive Breach (October 2024):
Attackers exploited unrotated API keys leaked from the Internet Archive's GitLab repository, gaining access to over 800,000 support tickets containing sensitive user information.

2. Overprivileged service accounts

Dropbox Sign Breach (May 2024):
Attackers compromised a backend service account with excessive privileges, accessing the customer database and exposing sensitive user data, including email addresses, usernames, hashed passwords, API keys, and OAuth tokens.

3. OAuth application abuse

Microsoft and Okta Attacks:
Nation-state actors have been observed abusing OAuth applications to move laterally across cloud environments. Major software companies like Microsoft and Okta have fallen victim to attacks leveraging compromised machine identities, highlighting the vital need to connect non-human identities with their human counterparts for complete visibility and protection.
