Identity and accessibility huge Okta mentioned a hacker broke into its client assist ticket technique and stole delicate information that can be employed to crack into the networks of Okta’s prospects.
Okta chief security officer David Bradbury mentioned in a website post Friday that a hacker applied a stolen credential to entry the company’s aid case management procedure, which contained browser recording data files uploaded by Okta shoppers for troubleshooting.
Browser recording periods (or HAR documents) are applied for diagnosing troubles for the duration of a world-wide-web searching session, and typically consist of web page cookies and session tokens, which if stolen can be utilised to impersonate a genuine user account without needing their password or two-issue.
Bradbury stated “customers who ended up impacted by this have been notified.” It is not very clear how Okta’s help case management method was initially compromised.
Okta offers organizations and companies with obtain and identification instruments, this sort of as “single signal-on,” which lets staff entry to all of a company’s methods on the community with one established of credentials. Okta has all around seventeen,000 shoppers and manages all-around 50 billion end users, the business said in a March 2023 weblog put up.
Okta spokesperson Vitor De Souza informed TechCrunch that all over one% of prospects are afflicted by this breach, but declined to present a precise number.
Safety business BeyondTrust, which utilizes Okta, said in its own site put up that it notified Okta of a likely breach on Oct 2 following it detected an tried compromise to its community a shorter time after an administrator shared a browser recording session with an Okta support agent.
BeyondTrust’s chief know-how officer Marc Maiffret mentioned the hacker utilised a session token from the uploaded browser recording session to generate an administrator account on BeyondTrust’s network, which it straight away shut down. Maiffret reported the incident “was the result of Okta’s guidance technique staying compromised which authorized an attacker to accessibility delicate files uploaded by their buyers.”
Protection journalist Brian Krebs first reported the news. Krebs documented that Okta contained the incident by October 17, citing the company’s deputy main info protection officer Charlotte Wylie.
This is the most current incident at Okta, which in 2022 said that hackers stole some of its source code. Before in 2022, hackers posted screenshots demonstrating obtain to the company’s inner community immediately after hacking into a organization Okta utilized for consumer support.
Okta’s stock closed down eleven% on Friday pursuing information of the breach.
Go through extra on TechCrunch:
- Authorities confirm RagnarLocker ransomware taken down
- Intercontinental Prison Court docket says cyberattack was attempted espionage
- Hackers exploit zero-day to compromise tens of 1000’s of Cisco products
- Hacker leaks hundreds of thousands more 23andMe user documents on cybercrime forum