- Reaction score
- 1,704
Identity and authentication management provider Okta said hackers managed to view private customer information after gaining access to credentials to its customer support management system.
“The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,” Okta Chief Security Officer David Bradbury said Friday. He suggested those files comprised HTTP archive, or HAR, files, which company support personnel use to replicate customer browser activity during troubleshooting sessions.
“HAR files can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users,” Bradbury wrote. “Okta has worked with impacted customers to investigate, and has taken measures to protect our customers, including the revocation of embedded session tokens. In general, Okta recommends sanitizing all credentials and cookies/session tokens within a HAR file before sharing it.”
Bradbury didn't say how the hackers stole the credentials to Okta's support system. The CSO also didn't say whether access to the compromised support system was protected by two-factor authentication, which best practices call for.
arstechnica.com
“The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,” Okta Chief Security Officer David Bradbury said Friday. He suggested those files comprised HTTP archive, or HAR, files, which company support personnel use to replicate customer browser activity during troubleshooting sessions.
“HAR files can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users,” Bradbury wrote. “Okta has worked with impacted customers to investigate, and has taken measures to protect our customers, including the revocation of embedded session tokens. In general, Okta recommends sanitizing all credentials and cookies/session tokens within a HAR file before sharing it.”
Bradbury didn't say how the hackers stole the credentials to Okta's support system. The CSO also didn't say whether access to the compromised support system was protected by two-factor authentication, which best practices call for.
Okta says hackers breached its support system and viewed customer files
Hackers obtained valid credentials, but Okta doesn't say how.
