Okta recently announced that their support case management system had suffered a breach and sensitive customer data were stolen.
Okta provides identity tools such as multi-factor authentication and single sign-on to their customers. They said that the incident affected a very small number of customers. The attacker had used stolen credentials to access their support case management system and stole files that were uploaded by customers as part of support cases. The uploaded files were HTTP Archive files, which are used for troubleshooting issues and contain sensitive data such as cookies and session tokens. The breach was first detected by one of Okta’s customers, BeyondTrust. The security team at BeyondTrust detected and blocked log in attempts into an in-house Okta administrator account. They informed Okta, who took 2 weeks to confirm the breach. Okta said that all affected customers had been notified and that if you have not been contacted, then there is no impact to your Okta environment or support tickets.
https://sec.okta.com/harfiles
https://therecord.media/hackers-used-stolen-credentials-okta
https://krebsonsecurity.com/2023/10/hackers-stole-access-tokens-from-oktas-support-unit/
https://www.bleepingcomputer.com/news/security/okta-says-its-support-system-was-breached-using-stolen-credentials/
https://www.darkreading.com/application-security/more-okta-customers-hacked-through-support-service
This segment was created for the It’s 5:05 podcast