Credential theft

Cloudflare breach via stolen Okta credentials (nation-state, Thanksgiving 2023)

📅 2023-11-14 🏢 Cloudflare internal systems (Atlassian Confluence wiki, Jira bug tracker, Bitbucket source code)
Primary Source ↗

Incident Details

A nation-state threat actor (attributed to Midnight Blizzard / Cozy Bear / APT29 in some reporting) used one access token and three service account credentials, stolen during the Okta support case management breach (October 2023), to access Cloudflare’s internal systems. Reconnaissance ran November 14–17, 2023; the actor returned November 20–21 and accessed source code management systems. Cloudflare had not rotated the credentials because it assumed they were unused. Limited source code and internal documentation on global network architecture were exfiltrated. No customer data or Cloudflare services were impacted. Zero-trust architecture and hardware security keys limited lateral movement. Disclosed publicly 1 February 2024. This was a downstream consequence of the Okta supply-chain breach.

Technical Details

Initial Attack Vector
CWE-287: Improper Authentication (stolen access tokens and service account credentials from Okta October 2023 breach reused; Cloudflare failed to rotate them)
Vendor / Product
Cloudflare internal systems (Atlassian Confluence wiki, Jira bug tracker, Bitbucket source code)

Timeline

  1. 2023-11-14 Breach occurred
  2. 2024-02-01 Publicly disclosed
  3. 2024-02-01 Customers notified