Okta, an identity and access management company based in San Francisco, reported a security breach on Friday. It has since been reported that hackers managed to gain access to private customer information that was provided through the customer support management system.
In an announcement made on the site, David Bradbury, the company's Chief Security Officer, revealed that the hackers had viewed content uploaded by some of the company's customers in relation to recent support cases. The files, known as HTTP Archive (HAR) files, help support personnel replicate the customer's browser activity for troubleshooting.
Okta Has Suffered A Massive Security Breach
Bradbury also stated that HAR files contained sensitive data, including session tokens and cookies, that a malicious actor could use to impersonate valid users. Interestingly, the CSO of Okta didn’t actually disclose how the credentials ended up being stolen, or whether two-factor authentication was in place for the compromised support system. Rather, to mitigate the damage, the company revoked all the embedded session tokens and advised customers to sanitize the credentials within HAR files before sharing them.
As it turns out, Okta has had its fair share of run-ins with hackers lately. Back in March 2022, a group called Lapsus$ accessed an Okta admin panel, which allowed them to reset all the customer passwords and authentication credentials. In December of that same year, Okta's source code was stolen from a GitHub account. Regarding the current hack, Bradbury confirmed that all of the affected customers had been informed.