Okta security breach exposes customer data
According to Okta's CSO, David Bradbury, the breach occurred when an unauthorised individual utilised stolen credentials to access support CMS.
- Tech News
- 2 min read
Okta, a major identity and access management provider, has revealed a security breach in which a hacker infiltrated its customer support ticket system and made off with sensitive files that could potentially compromise Okta's customers' networks.
According to Okta's Chief Security Officer, David Bradbury, the breach occurred when an unauthorised individual utilised stolen credentials to access the company's support case management system. This system contained browser recording files uploaded by Okta customers for troubleshooting purposes.
Browser recording sessions, often referred to as HAR files, are essential for diagnosing issues during web browsing sessions. They can include website cookies and session tokens, which, if pilfered, could be exploited to impersonate a genuine user account without needing their password or two-factor authentication codes.
Affected customers have been notified
Bradbury has confirmed that affected customers have been notified, though it remains unclear how the initial compromise of Okta's support case management system occurred.
Advertisement
Okta provides access and identity tools, including "single sign-on" solutions, enabling employees to access an organisation's network resources with a single set of credentials. As of March 2023, Okta serves approximately 17,000 customers and manages a staggering 50 billion users.
BeyondTrust, a security firm that relies on Okta, detected a potential breach on October 2 and promptly alerted Okta. The breach was identified shortly after an administrator shared a browser recording session with an Okta support agent. The hacker used a session token from this session to create an administrator account on BeyondTrust's network, which was promptly shut down. BeyondTrust's CTO, Marc Maiffret, noted that the incident resulted from the compromise of Okta's support system, allowing the attacker access to sensitive customer files.
Advertisement
The news of this breach had a significant impact on Okta's stock, causing it to drop by 11 per cent on Friday.