2 min Security

Okta reports data theft from customer service ticket system -update

Okta reports data theft from customer service ticket system -update

Update, 6/11/2023, 9:53 am, Laura Herijgers: After an internal investigation, Okta reports that the hack impacted 134 customers. In other words, less than one percent of Okta’s customer base was affected.

Some HAR files were stolen via Okta’s customer service ticket system. These files contain information about browser activities and were used by the hackers in session hijacking attacks. Okta reports sessions from five customers were taken over this way. Three of the five customers are known: 1Password, BeyondTrust and Cloudflare. These companies have already reported the incident.

Read more: Okta hack shows how vulnerable digital authentication is

Original, 23/10/2023, 11:53 am, Floris Hulshoff Pol: Okta was hit by a hack that captured sensitive customer data. This data allowed hackers to break into the identity and access provider’s customer networks.

Okta indicates in a recent blog post that it has been hit by a hacking attack in which sensitive customer data was stolen. According to the identity and access provider, hackers managed to break into its customer service ticketing system.

In total, probably one percent of Okta customers were affected. How many companies were affected is not known. The identity and access provider has since informed affected customers.

HAR files captured

The hack occurred through the use of stolen login credentials, affecting the customer support management system. This system included files recording browser activity, so-called HAR files, from customers for troubleshooting purposes.

HAR files are used for diagnosing problems during Web browsing sessions and often contain cookies and session tokens, for example. This data can be misused to spoof an existing account without having to use passwords or two-factor authentication, for example.

The hack was remarkably reported by security firm BeyondTrust, which detected an attack on its own Okta system. In this, the company’s own Okta management account was attacked by misusing a valid session cookie.

The valid cookie was found to have been stolen from Okta’s own support system. The security company managed to repel the attack by using its own software to create a blockade.

Also read: Businesses are adopting zero-trust en masse