Hackers stole customer access tokens from Okta’s support unit, admits firm


San Francisco, Oct 21 (IANS): Identity and access company Okta has identified “adversarial activity” that leveraged access to a stolen credential to access Okta's support case management system.

The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases, admitted Okta chief security officer David Bradbury.

“It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted,” he mentioned in a blog post late on Friday.

All customers who were impacted in the security breach have been notified by the company.

Okta provides companies with access and identity tools, such as “single sign-on”. It has more than 18,000 customers with more than 7,000 integrations.

Bradbury said that Okta support will ask customers to upload an HTTP Archive (HAR) file, which allows for troubleshooting of issues by replicating browser activity.

“HAR files can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users. Okta has worked with impacted customers to investigate, and has taken measures to protect our customers, including the revocation of embedded session tokens,” he informed.

Security firm BeyondTrust, which uses Okta, said that it notified the company of a potential breach on October 2 after it detected an attempted compromise to its network.

The incident began when BeyondTrust security teams detected an attacker trying to access an in-house Okta administrator account using a valid session cookie stolen from Okta’s support system.

“BeyondTrust’s own Identity Security Insights tool alerted the team of the attack, and they were able to block all access and verify that that attacker did not gain access to any systems,” said the company.

Okta is recommending its customers to sanitise all credentials and cookies/session tokens within a HAR file before sharing it.

 

  

Top Stories


Leave a Comment

Title: Hackers stole customer access tokens from Okta’s support unit, admits firm



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.