Okta says hackers stole customer access tokens from support unit

Identity and access giant Okta said a hacker broke into its customer support ticket system and stole sensitive files that can be used to break into the networks of Okta’s customers.

Okta chief security officer David Bradbury said in a blog post Friday that a hacker used a stolen credential to access the company’s support case management system, which contained browser recording files uploaded by Okta customers for troubleshooting.

Browser recording sessions (or HAR files) are used for diagnosing problems during a web browsing session, and often include website cookies and session tokens, which if stolen can be used to impersonate a real user account without needing their password or two-factor.
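As an added illustration that is not part of the original report, the sketch below redacts cookies, authorization headers, token-bearing query parameters and message bodies from a parsed HAR capture before it is shared with a support desk. The header and parameter name lists and the sample capture are assumptions constructed for this example.

```python
import copy

# Names below are assumed starting lists for this example; extend for your apps.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
SENSITIVE_PARAMS = {"token", "access_token", "id_token", "refresh_token",
                    "code", "password", "client_secret"}
REDACTED = "[REDACTED]"

def _scrub_pairs(pairs, names):
    """Redact listed {name, value} pairs in place; return True if any matched."""
    found = False
    for pair in pairs or []:
        if pair.get("name", "").lower() in names:
            pair["value"], found = REDACTED, True
    return found

def sanitize_har(har):
    """Return a deep copy of a parsed HAR dict with session material redacted."""
    har = copy.deepcopy(har)
    for entry in har.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            _scrub_pairs(msg.get("headers"), SENSITIVE_HEADERS)
            for cookie in msg.get("cookies") or []:  # parsed copy of the headers
                cookie["value"] = REDACTED
        if _scrub_pairs(req.get("queryString"), SENSITIVE_PARAMS):
            # The raw URL repeats the query string, so drop it there too.
            req["url"] = req.get("url", "").split("?", 1)[0] + "?" + REDACTED
        _scrub_pairs((req.get("postData") or {}).get("params"), SENSITIVE_PARAMS)
        # Bodies can embed tokens in JSON or HTML; support rarely needs them.
        for body in (req.get("postData"), resp.get("content")):
            if body and body.get("text"):
                body["text"] = REDACTED
    return har

# Constructed sample capture (not from any real session).
SAMPLE_HAR = {"log": {"entries": [{
    "request": {"url": "https://idp.example.test/cb?code=abc123&state=xyz",
                "headers": [{"name": "Cookie", "value": "sid=SECRET-SESSION"},
                            {"name": "Accept", "value": "text/html"}],
                "cookies": [{"name": "sid", "value": "SECRET-SESSION"}],
                "queryString": [{"name": "code", "value": "abc123"},
                                {"name": "state", "value": "xyz"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=NEW-SECRET"}],
                 "cookies": [{"name": "sid", "value": "NEW-SECRET"}],
                 "content": {"mimeType": "application/json",
                             "text": '{"access_token": "tok-1"}'}}}]}}
```

Redaction lowers the value of a leaked capture but does not revoke anything; sessions that were active during the recording should still be signed out once troubleshooting ends.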

Bradbury said “customers who had been impacted by this have been notified.” It’s not clear how Okta’s support case management system was initially compromised.

Okta provides organizations and companies with access and identity tools, such as “single sign-on,” which allows employees access to all of a company’s resources on the network with one set of credentials. Okta has around 17,000 customers and manages around 50 billion users, the company said in a March 2023 blog post.

Okta spokesperson Vitor De Souza told information.killnetswitch that around 1% of customers are affected by this breach, but declined to provide a specific number.

Security firm BeyondTrust, which uses Okta, said in its own blog post that it notified Okta of a potential breach on October 2 after it detected an attempted compromise to its network a short time after an administrator shared a browser recording session with an Okta support agent.

BeyondTrust’s chief technology officer Marc Maiffret said the hacker used a session token from the uploaded browser recording session to create an administrator account on BeyondTrust’s network, which it immediately shut down. Maiffret said the incident “was the result of Okta’s support system being compromised which allowed an attacker to access sensitive files uploaded by their customers.”

Security journalist Brian Krebs first reported the news. Krebs reported that Okta contained the incident by October 17, citing the company’s deputy chief information security officer Charlotte Wylie.

Okta’s stock closed down 11% on Friday following news of the breach.
