The intruders - likely agents of a nation state, according to Prince et al - obtained one service token and three service account credentials through that 2023 Okta compromise.
Because Cloudflare incorrectly believed those tokens were unused, it failed to rotate them.
[
add
]
[
|
|
...
]