Three Data Breach Disasters Caused by Shared Super Admin Accounts

Admin accounts hold the keys to your company’s cybersecurity, but they can also be a significant source of cybersecurity risks. The average organization has 33 super admin accounts – more than half of which don’t have multi-factor authentication (MFA) enabled – with access to 40+ million unique permissions.¹

Cybercriminals and malicious users alike, including employees and third-party contractors, can exploit the elevated privileges granted by these accounts – to your company’s detriment. In this blog, we'll discuss three major data breaches caused by compromised super admin accounts and how you can prevent risks like these from impacting your business.

Why Is Sharing Super Admin Accounts So Dangerous?

IT administrators or other privileged users typically use super admin accounts to manage and control access to a company’s computer systems, networks, and applications. These accounts grant the ability to access and modify sensitive data, install or remove software, and make other critical changes to an organization’s IT infrastructure.

Determining who has accessed what information and when can be difficult if super admin accounts are shared among multiple users, ultimately making it harder for security teams to identify and respond to cyberattacks. Additionally, if a super admin account is compromised, hackers can gain unrestricted access to the company’s most sensitive systems and data.

Data Breaches Caused by Shared Super Admin Accounts

While there have been several cases of data breaches resulting from compromised super admin accounts, here are a few recent instances:

Verkada 

Verkada, a California-based security camera company, faced a major data breach in March 2021 when a group of hackers gained super admin access to its systems. The breach exposed the sensitive information of over 150,000 Verkada customers, along with live camera feeds and archived footage from several hospitals and clinics.

The hackers claimed they carried out the breach to raise awareness about the security risks associated with cloud-based security camera systems. They also claimed to have accessed other data, such as Verkada employees' Slack messages and email exchanges with customers.

The Verkada data breach highlights how cybercriminals can easily abuse super admin privileges. Many cloud-based security providers use a “global admin” account to provide support teams access to their customers’ security systems. Unfortunately, creating too many super admin accounts increases the risk of privileged credentials falling into the wrong hands.

Okta

Identity and access management software provider, Okta, was breached in January 2022 by the hacker group Lapsus$. The group entered Okta’s network by accessing super admin credentials shared with one of the company’s third-party vendors, impacting 355 of Okta’s corporate clients.

Cloud service providers – including Okta – often provide super admin privileges to internal staff to support customer accounts. When these privileges are shared with third-party vendors, the risk of breach increases drastically. The Okta breach highlights why cloud providers need to ensure admin accounts have least-privilege access, especially those used by third parties.

Uber

Uber, the company behind the food delivery and ride-sharing app, encountered a data breach in September 2022 when one of its third-party contractors fell victim to a social engineering attack. According to an Uber representative, cybercriminals obtained the contractor’s password on the dark web, then bypassed Uber’s two-factor authentication when the contractor accepted the authentication after receiving multiple login requests.

The hackers gained super admin access to Uber’s Slack and Google G Suite accounts, in addition to reconfiguring the company’s OpenDNS to display an image to its employees on internal sites. While the breach didn’t expose customer data, the hackers accessed internal financial information, private Slack messages, and data on 77,000 employees.

The Uber data breach shows that even large organizations with highly-skilled security teams have weak links cybercriminals can exploit. Implementing advanced security measures like zero trust access (ZTA) is essential to minimizing the risks posed by shared accounts.

Secure Your Sensitive Data With Safous

Having a single account for multiple users to access may seem convenient, but the consequences can be catastrophic. Luckily, you can avoid the risks of sharing super admin accounts by:

• Ensuring each employee and third-party user has their own unique login credentials.
• Regularly monitoring your company’s systems for suspicious activity. 
• Providing regular security awareness training to users with privileged access.
• Developing and enforcing a strong password policy for all super admin accounts.
• Using non-super admin accounts for daily administrative tasks.
• Implementing advanced access controls, such as multi-factor authentication and single sign-on.

If you’re unsure how to protect your business network from the risks of sharing super admin accounts, Safous can help. Our ZTA solution offers high-level authentication and control with integrated security functions and advanced tools like privileged access management, multi-factor authentication, and one-time passwords. Safous can also hide a single account from users through our single sign-on feature.

Request a free demo today to see how Safous ZTA can help you keep your network safer than ever. 

Sources:

1. https://info.varonis.com/hubfs/Files/docs/research_reports/Varonis-The-Great-SaaS-Data-Exposure.pdf