Id and entry large Okta mentioned a hacker broke into its buyer assist ticket system and stole delicate recordsdata that can be utilized to interrupt into the networks of Okta’s clients.
Okta chief safety officer David Bradbury mentioned in a blog post Friday {that a} hacker used a stolen credential to entry the corporate’s assist case administration system, which contained browser recording recordsdata uploaded by Okta clients for troubleshooting.
Browser recording classes (or HAR recordsdata) are used for diagnosing issues throughout an internet searching session, and infrequently embrace web site cookies and session tokens, which if stolen can be utilized to impersonate an actual person account without having their password or two-factor.
Bradbury mentioned “clients who had been impacted by this have been notified.” It’s not clear how Okta’s assist case administration system was initially compromised.
Okta supplies organizations and corporations with entry and identification instruments, resembling “single sign-on,” which permits staff entry to all of an organization’s assets on the community with one set of credentials. Okta has round 17,000 clients and manages round 50 billion customers, the corporate mentioned in a March 2023 blog post.
Okta spokesperson Vitor De Souza informed TechCrunch that round 1% of consumers are affected by this breach, however declined to supply a particular quantity.
Safety agency BeyondTrust, which makes use of Okta, mentioned in its own blog post that it notified Okta of a possible breach on October 2 after it detected an tried compromise to its community a short while after an administrator shared a browser recording session with an Okta assist agent.
BeyondTrust’s chief know-how officer Marc Maiffret mentioned the hacker used a session token from the uploaded browser recording session to create an administrator account on BeyondTrust’s community, which it instantly shut down. Maiffret mentioned the incident “was the results of Okta’s assist system being compromised which allowed an attacker to entry delicate recordsdata uploaded by their clients.”
Safety journalist Brian Krebs first reported the information. Krebs reported that Okta contained the incident by October 17, citing the corporate’s deputy chief data safety officer Charlotte Wylie.
That is the most recent incident at Okta, which in 2022 mentioned that hackers stole some of its source code. Earlier in 2022, hackers posted screenshots showing access to the company’s internal network after hacking into an organization Okta used for customer support.
Okta’s inventory closed down 11% on Friday following information of the breach.
Learn extra on TechCrunch:
