Okta, the San Francisco-based identity and access management company, reported a security breach on Friday. Hackers gained access to private customer data through its customer support management system.
In a sitewide announcement, Okta Chief Security Officer David Bradbury revealed that hackers viewed content uploaded by some Okta customers related to recent support cases. These files, known as HTTP archive (HAR) files, help support staff replicate customer browser activity for troubleshooting purposes.
“HAR files can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users,” Bradbury said.
Bradbury did not disclose how the credentials were stolen or whether two-factor authentication was in place for the compromised support system. To limit the damage, Okta has revoked the embedded session tokens and advised customers to remove credentials from HAR files before sharing them.
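One way to follow that advice before attaching a capture to a support case is to redact credentials in the HAR programmatically. The sketch below is an added example, not Okta's tooling; the parameter-name hints and the sample capture are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "REDACTED"
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
# Assumed name fragments marking a parameter as secret; substring match over-redacts on purpose.
SECRET_HINTS = ("token", "session", "passw", "secret", "auth", "code")

def is_secret_param(name):
    return any(hint in name.lower() for hint in SECRET_HINTS)

def scrub_pairs(pairs, is_sensitive):
    """Redact values in a HAR name/value list; return how many were changed."""
    hits = [p for p in pairs or [] if is_sensitive(p.get("name", ""))]
    for pair in hits:
        pair["value"] = REDACTED
    return len(hits)

def scrub_url(url):
    parts = urlsplit(url)  # the URL repeats the query string, so scrub it too
    query = [(k, REDACTED if is_secret_param(k) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def sanitize_har(har):
    """Redact credentials in a parsed HAR in place; return the number of redactions."""
    count = 0
    for entry in har.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            msg = entry.get(side, {})
            count += scrub_pairs(msg.get("headers"), lambda n: n.lower() in SENSITIVE_HEADERS)
            count += scrub_pairs(msg.get("cookies"), lambda n: True)
        req = entry.get("request", {})
        count += scrub_pairs(req.get("queryString"), is_secret_param)
        if "url" in req:
            req["url"] = scrub_url(req["url"])
        post = req.get("postData") or {}
        count += scrub_pairs(post.get("params"), is_secret_param)
        if post.get("text"):  # raw bodies often carry passwords; drop them whole
            post["text"] = REDACTED
            count += 1
    return count

# Constructed sample capture (not taken from the incident).
SAMPLE_HAR = {"log": {"entries": [{
    "request": {"url": "https://example.test/app?access_token=abc123&page=2",
                "headers": [{"name": "Cookie", "value": "sid=deadbeef"}],
                "cookies": [{"name": "sid", "value": "deadbeef"}],
                "queryString": [{"name": "access_token", "value": "abc123"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=cafef00d"}], "cookies": []}}]}}
```

Response bodies (`content.text`) are left untouched here and can still hold tokens, so review them separately before sharing the file.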
According to Ars Technica, the initial hack was stopped by security firm BeyondTrust, which notified Okta of suspicious activity about a month ago. However, because of some flaws in Okta’s security model, some actions were still carried out by malicious actors.
Bradbury confirmed that all affected customers have been notified. He also provided IP addresses and browser user agents associated with the hackers for further investigation, and added that Okta’s core production service and the Auth0/CIC case management system remain unaffected.
Okta has had its fair share of hacker problems lately. In March 2022, a group called Lapsus$ gained access to an Okta admin panel, allowing them to reset customer passwords and authentication data. In December of that same year, Okta’s source code was stolen from a GitHub account.