"Okta Breach Post Mortem Reveals Weaknesses Exploited by Attackers"

The recent Okta Support system breach occurred because of the compromise of a service account with access to view and update customer support cases. Okta Security discovered that an employee had signed in to their personal Google profile on their Okta-managed laptop's Chrome browser. According to David Bradbury, Chief Security Officer at Okta, the service account's username and password were saved into the employee's personal Google account. The compromise of the employee's personal Google account or device is what most likely exposed this credential. This article continues to discuss how the Okta breach affected customers and why the attacker's actions were not discovered earlier.

Help Net Security reports "Okta Breach Post Mortem Reveals Weaknesses Exploited by Attackers"

Submitted by grigby1
 
