Okta says hackers breached its support system and accessed customer files


Identity and authentication management provider Okta said hackers managed to view private customer information after gaining access to credentials to its customer support management system.

"The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases," Okta Chief Security Officer David Bradbury said Friday. He suggested those files included HTTP archive, or HAR, files, which company support personnel use to replicate customer browser activity during troubleshooting sessions.

"HAR files can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users," Bradbury wrote. "Okta has worked with impacted customers to investigate, and has taken measures to protect our customers, including the revocation of embedded session tokens. In general, Okta recommends sanitizing all credentials and cookies/session tokens within a HAR file before sharing it."

Bradbury didn't say how the hackers stole the credentials to Okta's support system. The CSO also didn't say if access to the compromised support system was protected by two-factor authentication, which best practices call for.

Security firm BeyondTrust said it alerted Okta to suspicious activity earlier this month after detecting an attacker using a valid authentication cookie trying to access one of BeyondTrust's in-house Okta administrator accounts. BeyondTrust's access policy controls stopped the attacker's "initial activity, but limitations in Okta's security model allowed them to perform a few confined actions," the company said without elaborating. Eventually, BeyondTrust was able to block all access.

BeyondTrust said it notified Okta of the event but didn't get a response for more than two weeks. In a post, BeyondTrust officials wrote:

The initial incident response indicated a possible compromise at Okta of either someone on their support team or someone in position to access customer support-related data. We raised our concerns of a breach to Okta on October 2nd. Having received no acknowledgement from Okta of a possible breach, we persisted with escalations within Okta until October 19th when Okta security leadership notified us that they had indeed experienced a breach and we were one of their affected customers.

The incident timeline provided by BeyondTrust was as follows:

October 2, 2023 – Detected and remediated identity-centric attack on an in-house Okta administrator account and alerted Okta
October 3, 2023 – Requested Okta support to escalate to Okta security team given initial forensics pointing to a compromise within Okta support organization
October 11, 2023 and October 13, 2023 – Held Zoom sessions with Okta security team to explain why we believed they might be compromised
October 19, 2023 – Okta security leadership confirmed they had an internal breach, and BeyondTrust was one of their affected customers.

Okta has experienced several security or data breaches in recent years. In March 2022, published images showed that a hacking outfit known as Lapsus$ allegedly gained access to an Okta administration panel, allowing it to reset passwords and multifactor authentication credentials for Okta customers. The company said the breach occurred after the hackers compromised a system belonging to one of its subcontractors.

In December 2022, hackers stole Okta source code stored in a company account on GitHub.

Bradbury said Okta has notified all customers whose data was accessed in the recent event. Friday's post contains IP addresses and browser user agents used by the threat actors that others can use to indicate if they have also been affected. The compromised support management system is separate from Okta's production service and Auth0/CIC case management system...
