"Okta Breached Via Stolen Credential"

Identity and access management (IAM) specialist Okta has recently found itself on the receiving end of another security breach after a threat actor was able to access a stolen credential.  Okta said an adversary used the credential to access its support case management system.  The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases.  The company noted that it should known that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted.  In addition, the Auth0/CIC case management system is not impacted by this incident.  However, Okta noted that access to the case management system may have exposed sensitive customer information.  Okta support will ask customers to upload an HTTP Archive (HAR) file, which allows troubleshooting issues by replicating browser activity.  HAR files can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users.

 

Infosecurity reports: "Okta Breached Via Stolen Credential"

Submitted by Adam Ekwall on