The Support Ticket That Opened Every Door episode artwork

EPISODE · Apr 28, 2026 · 54 MIN

The Support Ticket That Opened Every Door

from Zero Day Logs · host ZDL

In 2022, a teenager posted screenshots from inside the company that controls the login page for 18,000 organisations — not by breaking through a firewall, but through a contractor's compromised laptop. Twenty months later, it happened again. This time through a diagnostic file uploaded to a support ticket.This is the full story of both Okta breaches — how a contractor's laptop, a credential saved to a personal Google account via Chrome's password sync, and a file format most people have never heard of gave attackers a window into Cloudflare, 1Password, BeyondTrust, and thousands of others. And how one company was told something was wrong — and stayed silent for 18 days.Zero Day Logs is an investigative audio documentary built entirely from the public record: official security advisories, customer post-incident reports, court documents, and verified forensic findings. Every breach. One episode. Real consequences.Find full technical breakdowns, attack timelines, and defensive configurations at zerodaylogs.com. If you found this breakdown valuable, please follow the show and leave a review.____________________________CHAPTERS00:00 Cold Open — Screenshots on Telegram03:52 The Invisible Gatekeeper06:07 Lapsus$ — Not a Nation State07:52 What Actually Happened in 202208:03 How Authentication Actually Works11:43 The Contractor's Laptop19:53 Twenty Months Later23:13 The 2023 Breach24:17 The HAR File — A Flight Data Recorder25:03 Session Cookies and Stolen Wristbands27:55 The November 29th Disclosure30:03 Cloudflare, 1Password, BeyondTrust34:15 The Supply Chain Problem36:38 Zero Trust and Assume Breach40:31 Eighteen Days of Silence41:43 The Three Missing Controls43:23 The Credential That Left the Building47:06 What Changed After48:20 The Chain of Trust53:09 Outro53:35 Next: SolarWinds____________________________SOURCES & FURTHER READING- Okta Security Advisory — October 2023- Okta Expanded Disclosure — November 29, 2023- Okta Security Advisory — March 2022- Cloudflare blog: "How Cloudflare mitigated yet another Okta compromise"- 1Password Security Incident Report (2023)- BeyondTrust Incident Disclosure (2023)- CISA Identity Security Guidance- Lapsus$ public reporting / Arion Kurtaj UK conviction (2023)

In 2022, a teenager posted screenshots from inside the company that controls the login page for 18,000 organisations — not by breaking through a firewall, but through a contractor's compromised laptop. Twenty months later, it happened again. This time through a diagnostic file uploaded to a support ticket. This is the full story of both Okta breaches — how a contractor's laptop, a credential saved to a personal Google account via Chrome's password sync, and a file format most people have nev...

NOW PLAYING

The Support Ticket That Opened Every Door

0:00 54:31

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Zero Day Logs?

This episode is 54 minutes long.

When was this Zero Day Logs episode published?

This episode was published on April 28, 2026.

What is this episode about?

In 2022, a teenager posted screenshots from inside the company that controls the login page for 18,000 organisations — not by breaking through a firewall, but through a contractor's compromised laptop. Twenty months later, it happened again. This...

Is there a transcript available for this episode?

Yes, a full transcript is available for this episode. You can read the complete transcript on the episode page.

Can I download this Zero Day Logs episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!