Okta, the San Francisco-based identity and access management company, reported a security breach on Friday. Hackers gained access to private customer information through the customer support management system.
In a site-wide announcement, David Bradbury, Okta’s chief security officer, revealed that hackers viewed content uploaded by some Okta customers related to current support cases. These files, called HTTP archive (HAR) files, help support staff reproduce the customer’s browsing activity for troubleshooting purposes.
“HAR files can also contain sensitive data, including cookies and session tokens, which malicious actors can use to impersonate valid users,” Bradbury said.
Bradbury did not disclose how the credentials were stolen or whether the compromised support system had two-factor authentication in place. To limit the damage, Okta revoked embedded session tokens and recommended customers sanitize credentials in HAR files before sharing.
According to Ars Technica, the first hack was stopped by security firm BeyondTrust, which alerted Okta to suspicious activity about a month ago. However, due to some flaws in Okta’s security model, some actions were still carried out by malicious actors.
Bradbury confirmed that all affected customers have been informed. He provided IP addresses and browser user agents associated with the hackers for further investigation, and added that Okta’s main production service and Auth0/CIC case management system are not affected.
Okta has had a lot of hacking problems lately. In March 2022, a group called Lapsus$ accessed an Okta admin panel and reset customer passwords and authentication credentials. In December of the same year, Okta’s source code was stolen from a GitHub account.