
Okta says hackers breached its support system and viewed customer files


Identity and authentication management provider Okta said hackers managed to view private customer information after gaining access to credentials to its customer support management system.

“The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,” Okta Chief Security Officer David Bradbury said Friday. He suggested those files comprised HTTP archive, or HAR, files, which company support personnel use to replicate customer browser activity during troubleshooting sessions.

“HAR files can also include sensitive information, including cookies and session tokens, that malicious actors can use to impersonate legitimate users,” Bradbury wrote. “Okta has worked with impacted customers to investigate, and has taken measures to protect our customers, including the revocation of embedded session tokens. Normally, Okta recommends sanitizing all credentials and cookies/session tokens within a HAR file before sharing it.”
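One way to apply the sanitizing recommendation quoted above before attaching a HAR to a support case, as an added example (not Okta's tooling and not code from the original article). The sensitive-name hints, the `sanitize_har` helper and the sample HAR are assumptions constructed for illustration:

```python
import copy
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
REDACTED = "REDACTED"
# Headers whose values carry credentials or session state.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
# Assumption: substrings that mark a URL parameter as secret-bearing.
SENSITIVE_HINTS = ("token", "session", "sid", "password", "secret", "code")

def _is_secret(name):
    return any(hint in name.lower() for hint in SENSITIVE_HINTS)

def _scrub_pairs(pairs, match):
    """Redact 'value' on HAR name/value records whose name matches; return count."""
    hits = [p for p in pairs or [] if match(p.get("name", ""))]
    for p in hits:
        p["value"] = REDACTED
    return len(hits)

def _scrub_url(url):
    """Redact secret-looking query parameters embedded in the request URL."""
    parts = urlsplit(url)
    query = [(k, REDACTED if _is_secret(k) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def sanitize_har(har):
    """Return (sanitized deep copy of a parsed HAR, redacted-field count excluding URLs)."""
    har, n = copy.deepcopy(har), 0
    for entry in har.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        req["url"] = _scrub_url(req.get("url", ""))
        for msg in (req, resp):
            n += _scrub_pairs(msg.get("headers"), lambda h: h.lower() in SENSITIVE_HEADERS)
            n += _scrub_pairs(msg.get("cookies"), lambda _name: True)
            n += _scrub_pairs(msg.get("queryString"), _is_secret)
            n += _scrub_pairs((msg.get("postData") or {}).get("params"), lambda _name: True)
            # Bodies can hold tokens in any encoding, so blank them wholesale.
            for body in (msg.get("postData"), msg.get("content")):
                if body and body.get("text"):
                    body["text"], n = REDACTED, n + 1
    return har, n

# Constructed sample: one entry shaped like a browser HAR export.
SAMPLE = {"log": {"entries": [{
    "request": {"url": "https://idp.example/cb?state=xyz&session_token=abc123",
                "headers": [{"name": "Cookie", "value": "sid=s3cr3t"}],
                "cookies": [{"name": "sid", "value": "s3cr3t"}],
                "queryString": [{"name": "session_token", "value": "abc123"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=n3w"}],
                 "content": {"text": "access_token=zzz"}}}]}}
```

Load a real export with `json.load` and write the result of `sanitize_har` back out; secrets carried in URL paths or in custom header names fall outside the hints used here, so review the output before sharing.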

Bradbury didn’t say how the hackers stole the credentials to Okta’s support system. The CSO also didn’t say whether access to the compromised support system was protected by two-factor authentication, which best practices call for.

Security firm BeyondTrust said it alerted Okta to suspicious activity earlier this month after detecting an attacker using a valid authentication cookie attempting to access one of BeyondTrust’s in-house Okta administrator accounts. BeyondTrust’s access policy controls stopped the attacker’s “preliminary activity, but limitations in Okta’s security model allowed them to perform a couple of confined actions,” the company said without elaborating. Eventually, BeyondTrust was able to block all access.

BeyondTrust said it notified Okta of the event but didn’t get a response for more than two weeks. In a post, BeyondTrust officials wrote:

The preliminary incident response indicated a possible compromise at Okta of either someone on their support team or someone in position to access customer support-related information. We raised our concerns of a breach to Okta on October 2nd. Having received no acknowledgement from Okta of a possible breach, we continued with escalations within Okta until October 19th when Okta security leadership notified us that they had indeed experienced a breach and we were one of their affected customers.

The incident timeline provided by BeyondTrust was as follows:

  • October 2, 2023 – Detected and remediated identity centric attack on an in-house Okta administrator account and alerted Okta
  • October 3, 2023 – Requested Okta support to escalate to Okta security team given preliminary forensics pointing to a compromise within Okta support team
  • October 11, 2023 and October 13, 2023 – Held Zoom sessions with Okta security team to explain why we believed they may be compromised
  • October 19, 2023 – Okta security leadership confirmed they had an internal breach, and BeyondTrust was one of their affected customers.

Okta has experienced multiple security or data breaches in recent years. In March 2022, circulated images showed that a hacking outfit known as Lapsus$ purportedly gained access to an Okta management panel, allowing it to reset passwords and multifactor authentication credentials for Okta customers. The company said the breach occurred after the hackers compromised a system belonging to one of its subprocessors.

In December 2022, hackers stole Okta source code stored in a company account on GitHub.

Bradbury said Okta has notified all customers whose data was accessed in the recent event. Friday’s post contains IP addresses and browser user agents used by the threat actors that others can use to indicate if they have also been affected. The compromised support management system is separate from Okta’s production service and Auth0/CIC case management system, neither of which was impacted.
