Okta breach shows why identities come first in a zero-trust world


Showing how fragile digital identities are even for a leading provider of identity and access management (IAM) solutions, Okta's security breach, acknowledged by the company on October 20, began with stolen credentials used to gain access to its support management system. From there, attackers gained access to HTTP Archive (.HAR) files that contain active session cookies and began breaching Okta's customers, attempting to enter their networks and exfiltrate data.

Daniel Spicer, Ivanti's chief security officer (CSO), told VentureBeat, "A lot of IT team members, even those who are security-conscious, don't think about what information they share with vendor support teams because they are 'trusted.' Security teams need to interview their IT teams to understand what data they commonly have to share to resolve support cases." Spicer advises, "You should also inspect the output for automatically generated troubleshooting data from sensitive systems. You could find anything from certificates and credentials to personal information in those data sets."
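One way to act on that advice before a HAR capture leaves the organization is to redact the session material it carries. The sketch below is an added example, not code from Okta, Ivanti or the article; it works on the standard HAR JSON layout, and the header list, the `idp.example.test` host and the sample capture are assumptions constructed for illustration.

```python
import json

# Assumed, non-exhaustive list of header names that carry session material.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
REDACTED = "[REDACTED]"

def sanitize_har(har):
    """Redact session material in a parsed HAR (dict) in place; return redaction count."""
    count = 0
    for entry in har.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            msg = entry.get(side, {})
            for header in msg.get("headers", []):
                if header.get("name", "").lower() in SENSITIVE_HEADERS:
                    header["value"] = REDACTED
                    count += 1
            for cookie in msg.get("cookies", []):  # parsed copy of the cookie headers
                cookie["value"] = REDACTED
                count += 1
        # Request bodies (login forms, token exchanges) can carry credentials too.
        post = entry.get("request", {}).get("postData")
        if post:
            post["text"] = REDACTED
            for param in post.get("params", []):
                param["value"] = REDACTED
            count += 1
    return count

# Constructed sample capture: one request carrying a session cookie and a bearer token.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "method": "POST", "url": "https://idp.example.test/api/session",
        "headers": [{"name": "Cookie", "value": "sid=CONSTRUCTED-SESSION-ID"},
                    {"name": "Authorization", "value": "Bearer CONSTRUCTED-TOKEN"},
                    {"name": "Accept", "value": "application/json"}],
        "cookies": [{"name": "sid", "value": "CONSTRUCTED-SESSION-ID"}],
        "postData": {"mimeType": "application/json", "text": "{\"password\":\"CONSTRUCTED-PW\"}"},
    },
    "response": {
        "headers": [{"name": "Set-Cookie", "value": "sid=CONSTRUCTED-SESSION-ID; HttpOnly"}],
        "cookies": [{"name": "sid", "value": "CONSTRUCTED-SESSION-ID"}],
    },
}]}}

def sanitized_sample():
    """Return (redaction count, sanitized JSON text) for a copy of SAMPLE_HAR."""
    har = json.loads(json.dumps(SAMPLE_HAR))  # deep copy so the sample stays intact
    return sanitize_har(har), json.dumps(har)
```

Response bodies and URL query strings can also hold tokens and are not touched here, so a sanitized file still deserves a manual look before it is shared.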

Attackers exploited trust in privileged credentials

Attackers worked fast to use stolen session cookies and tokens from HAR files to impersonate legitimate users and attempt to gain unauthorized access to Okta customers' systems. Okta customers BeyondTrust, Cloudflare, and 1Password, who collectively serve tens of thousands of organizations and customers, including some of the world's largest and most important, immediately detected unusual activity, including new account creation and changes in administrative permissions. Each of these customers discovered the breach weeks before Okta did, immediately alerting their identity management vendor. It took Zoom calls and sharing data results with Okta for the latter to confirm the breach, weeks later.

In an ironic twist for Okta, whose marketing slogan is "Everything starts with identity," its customers detected the attempted breaches immediately when unauthorized attempts were made to access high-privilege Okta accounts using a stolen session cookie from a recently uploaded HAR file.

Stolen cookies and compromised tokens

Identity security company BeyondTrust's blog post said that on October 2, it detected an unauthorized attempt to access a high-privilege Okta account using a stolen session cookie from a recently uploaded HAR file.

BeyondTrust realized the breach attempt came just 30 minutes after one of its administrators shared the HAR file with Okta support. Attackers were using the stolen cookie to try to create a new administrative Okta profile in the BeyondTrust environment.

On October 18, Cloudflare noticed attacks originating from Okta and traced them back to a compromised authentication ...
