Okta has found itself on the receiving end of another security breach after a threat actor used a stolen credential to gain access to its support case management system.
According to Okta's statement, the threat actor used the compromised credentials to view files uploaded by certain Okta customers as part of recent support cases.
The Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted. In addition, the Auth0/CIC case management system is not impacted by this incident. However, the incident may have exposed sensitive customer information.
Okta support will ask customers to upload an HTTP Archive (HAR) file, which allows for troubleshooting of issues by replicating browser activity. HAR files can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users. Okta has worked with impacted customers to investigate, and has taken measures to protect its customers, including the revocation of embedded session tokens.
In general, Okta recommends sanitizing all credentials and cookies/session tokens within a HAR file before sharing it.
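The sanitization recommended above, sketched as an added example (this is not Okta's tooling and not code from the original article): it redacts cookies, credential headers, token-like parameters and raw bodies from a parsed HAR before it is shared. The function names, the always-redacted header set and the sensitive-name pattern are assumptions made for illustration, and the sample entry is constructed.

```python
import copy
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "REDACTED"
ALWAYS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
# Assumed name pattern for secret-bearing fields; extend it for your environment.
SENSITIVE = re.compile(r"token|secret|passw|session|sid|api[-_]?key|auth|saml|code", re.I)

def scrub_url(url):
    """Redact sensitive query parameters and drop the fragment."""
    parts = urlsplit(url)
    query = [(k, REDACTED if SENSITIVE.search(k) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query), fragment=""))

def scrub_pairs(pairs, redact_all=False):
    """Redact values in a HAR name/value list (headers, cookies, params)."""
    for pair in pairs or []:
        name = pair.get("name", "")
        if redact_all or name.lower() in ALWAYS or SENSITIVE.search(name):
            pair["value"] = REDACTED
        elif name.lower() in ("referer", "location"):
            pair["value"] = scrub_url(pair.get("value", ""))

def sanitize_har(har):
    """Return a copy of a parsed HAR with credentials, cookies and tokens redacted."""
    har = copy.deepcopy(har)
    for entry in har.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            scrub_pairs(msg.get("headers"))
            scrub_pairs(msg.get("cookies"), redact_all=True)
        scrub_pairs(req.get("queryString"))
        if "url" in req:
            req["url"] = scrub_url(req["url"])
        post = req.get("postData") or {}
        scrub_pairs(post.get("params"))
        for body in (post, resp.get("content") or {}):
            if "text" in body:
                body["text"] = REDACTED  # raw bodies can repeat the same secrets
    return har

# Constructed sample entry (not taken from any real capture).
SAMPLE = {"log": {"entries": [{
    "request": {"url": "https://example.invalid/app?lang=en&sessionToken=abc123",
                "headers": [{"name": "Accept", "value": "text/html"},
                            {"name": "Cookie", "value": "sid=constructed-value"}],
                "cookies": [{"name": "sid", "value": "constructed-value"}]},
    "response": {"content": {"text": '{"access_token": "constructed-value"}'}}}]}}
```

Name-based matching cannot catch a secret stored under an unexpected field name, so the sanitized file should still be reviewed before it leaves the organization.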
Okta customer BeyondTrust said it notified the IAM vendor about a possible breach on October 2, after detecting an attempt to access an in-house Okta administrator account using a valid session cookie stolen from Okta’s support system.
Okta has confirmed that all customers affected by the incident have now been notified. Reports claimed the news sent the firm’s share price down 12%.