Okta’s Support System Breach Exposes Customer Data
Okta, a leading identity and access management company, recently faced a security breach in its support unit, exposing customer data. The breach, disclosed on October 19, was caused by a cybercriminal who used stolen credentials to gain unauthorized access to files containing sensitive customer information.
According to Okta’s Chief Security Officer David Bradbury, the hacker specifically accessed the case management system, making it possible to view files uploaded by Okta customers as part of recent support cases. Although separate from the company’s operational services, the compromised support case management system raised the alarm due to the potential exposure of crucial data.
One of the major concerns stemming from the breach was the exposure of HTTP Archive (HAR) files, which customers upload for troubleshooting purposes and which store data such as cookies and session tokens. Because these files contain such sensitive information, malicious actors could potentially leverage them to impersonate customers and gain unauthorized access to their accounts.
Okta responded swiftly, working with affected customers to revoke the embedded session tokens and advising them to ensure that any files they share in future support cases do not contain sensitive information.
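The mitigation described above, stripping cookies and session tokens from a HAR file before it is uploaded to a support case, is something customers can automate. The following Python sanitizer is an added example, not code from Okta or from the original article; it assumes the standard HAR 1.2 JSON layout (`log.entries[].request/response` with `headers`, `cookies`, `queryString`, `postData` and `content` members), and the header and parameter names it redacts, the `[REDACTED]` marker and the sample capture are all constructed for illustration.

```python
import copy
import json
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

REDACTED = "[REDACTED]"
# Header names that carry credentials (matched case-insensitively). Assumed list.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization",
                     "proxy-authorization", "x-api-key", "x-auth-token"}
# Query-string / form-field names that typically carry tokens or secrets. Assumed list.
SENSITIVE_PARAMS = {"token", "access_token", "id_token", "refresh_token",
                    "session", "sid", "code", "password"}


def _redact_pairs(pairs, names=None):
    """Redact the `value` of HAR {name, value} pairs. With `names` given, only
    pairs whose lower-cased name is in the set are touched; with names=None
    every pair is redacted. Returns the number of values changed."""
    count = 0
    for pair in pairs or []:
        if names is None or str(pair.get("name", "")).lower() in names:
            if pair.get("value") != REDACTED:
                pair["value"] = REDACTED
                count += 1
    return count


def _redact_url(url):
    """Return (url, n) with sensitive query parameters replaced in the URL itself;
    HAR stores the query both in `url` and in `queryString`, so both need cleaning."""
    parts = urlsplit(url)
    cleaned, changed = [], 0
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            cleaned.append((name, REDACTED))
            changed += 1
        else:
            cleaned.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(cleaned, safe="[]"))), changed


def sanitize_har(har):
    """Return (sanitized_copy, redaction_count). The input object is left untouched."""
    har = copy.deepcopy(har)
    count = 0
    for entry in har.get("log", {}).get("entries", []):
        request = entry.get("request", {})
        response = entry.get("response", {})
        for msg in (request, response):
            count += _redact_pairs(msg.get("headers"), SENSITIVE_HEADERS)
            # cookies[] is the parsed form of Cookie/Set-Cookie: redact every value.
            count += _redact_pairs(msg.get("cookies"))
        count += _redact_pairs(request.get("queryString"), SENSITIVE_PARAMS)
        if "url" in request:
            request["url"], n = _redact_url(request["url"])
            count += n
        post = request.get("postData") or {}
        count += _redact_pairs(post.get("params"), SENSITIVE_PARAMS)
        # Request bodies (login forms, token exchanges) routinely carry credentials;
        # support rarely needs them, so they are dropped wholesale.
        if post.get("text"):
            post["text"] = REDACTED
            count += 1
        # JSON response bodies (e.g. a token endpoint) may echo session material;
        # HTML/JS bodies are kept because they are usually what support is debugging.
        content = response.get("content") or {}
        if content.get("text") and "json" in str(content.get("mimeType", "")).lower():
            content["text"] = REDACTED
            count += 1
    return har, count


def leaked(har, secrets):
    """Return the subset of `secrets` still present anywhere in the serialized HAR."""
    blob = json.dumps(har)
    return [s for s in secrets if s in blob]


def sanitize_har_file(src_path, dst_path):
    """Sanitize a HAR file on disk and return the number of values redacted."""
    with open(src_path) as f:
        har = json.load(f)
    clean, n = sanitize_har(har)
    with open(dst_path, "w") as f:
        json.dump(clean, f, indent=2)
    return n


# Constructed sample capture (not a real HAR): one request/response pair that
# carries a bearer token, a session cookie, a token in the URL and a password body.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "method": "GET",
        "url": "https://example.invalid/api/me?access_token=abc123&page=2",
        "headers": [{"name": "Host", "value": "example.invalid"},
                    {"name": "Cookie", "value": "sid=s3cr3t"},
                    {"name": "Authorization", "value": "Bearer abc123"}],
        "queryString": [{"name": "access_token", "value": "abc123"},
                        {"name": "page", "value": "2"}],
        "cookies": [{"name": "sid", "value": "s3cr3t"}],
        "postData": {"mimeType": "application/json", "text": "{\"password\":\"hunter2\"}"},
    },
    "response": {
        "status": 200,
        "headers": [{"name": "Set-Cookie", "value": "sid=n3w; HttpOnly"},
                    {"name": "Content-Type", "value": "application/json"}],
        "cookies": [{"name": "sid", "value": "n3w"}],
        "content": {"mimeType": "application/json", "text": "{\"id_token\":\"eyJ...\"}"},
    },
}]}}

if __name__ == "__main__":
    clean, n = sanitize_har(SAMPLE_HAR)
    print(n, "values redacted; still leaked:", leaked(clean, ["abc123", "s3cr3t", "hunter2", "n3w"]))
```

The sanitizer works on a copy and reports how many values it touched, so a customer can diff the original against the cleaned file before attaching it. Redacting every parsed cookie rather than a name list is deliberate: cookie names vary per deployment, and the session cookie is exactly the value the article says attackers can replay. The header and parameter name lists are a starting point and should be extended with whatever token names a given application uses.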
BeyondTrust, one of Okta’s customers, provided additional insights into the incident, revealing that the breach attempt was detected on October 2, 2023. Despite immediate reporting, Okta took over two weeks to confirm the breach. Cloudflare, another entity affected by the breach, confirmed the exploitation of an authentication token stolen from Okta’s support system.
The initial report on the incident came from security journalist Brian Krebs, who stated that Okta managed to contain the situation by October 17, as confirmed by the company’s deputy chief information security officer, Charlotte Wylie.
This breach adds to a string of security incidents involving Okta over the past couple of years. These include attacks from hacking groups like Lapsus$ and Scatter Swine that resulted in data exposure, and the theft of source code repositories from Okta’s subsidiary, Auth0. The repetition of such incidents has led to growing skepticism about Okta’s security protocols and its ability to safeguard customer data effectively.