Okta, the San Francisco-based identity and access management company, reported a security breach on Friday. Hackers gained access to private customer information through its customer support management system.
In a site-wide announcement, Okta Chief Security Officer David Bradbury revealed that hackers viewed content uploaded by some Okta customers related to recent support cases. These files, known as HTTP archive (HAR) files, help support personnel replicate customer browser activity for troubleshooting.
SEE ALSO:23andMe may have suffered yet another breach – your data is in jeopardy"HAR files can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users," Bradbury said.
Bradbury did not disclose how the credentials were stolen nor if two-factor authentication was in place for the compromised support system. To mitigate the damage, Okta revoked embedded session tokens and advised customers to sanitize credentials within HAR files before sharing.
According to Arstechnica, the initial hack was stopped by security firm BeyondTrust, which alerted Okta to suspicious activity about a month ago. However, due to some flaws within Okta's security model, some actions were still carried out by malicious actors.
Bradbury confirmed that all affected customers have been informed. He also provided IP addresses and browser user agents associated with the hackers for further investigation. He also added that Okta's main production service and Auth0/CIC case management system remain unaffected.
Okta has had its fair share of hacker troubles lately. In March 2022, a group called Lapsus$ accessed an Okta admin panel, allowing them to reset customer passwords and authentication credentials. In December of that same year, Okta's source code was stolen from a GitHub account.
TopicsCybersecurity
(责任编辑:焦點)
There's a big piece of fake chicken stuck to this phone case
Samsung is making it easier for color
DMX is coming for Mariah Carey's Christmas throne with a 'Rudolph the Red
Colin Kaepernick lands the cover of GQ in magazine's first 'Citizen of the Year'
Airbnb activates disaster response site for Louisiana floodingAmazon's Echo made controlling music with your voice easy-peasy, but its sound quality could be a lo
...[详细]New study finds having sex probably won't cause cardiac arrest
Cardiac arrest — when your heart suddenly stops pumping — is a killer in the U.S., but a
...[详细]Husband scares the hell out of his wife with the help of a car's back up camera
Nothing says 'I love you' more than scaring your partner half to death each and every day. Husband a
...[详细]German regulator tells people to destroy smartwatches made for kids
The German government isn't just banning some children's smartwatches — its telling people to
...[详细]Make money or go to Stanford? Katie Ledecky is left with an unfair choice.
This is Katie Ledecky's world right now, and the rest of us are just living in it. Want proof? Ledec
...[详细]Lorde's mum embarrasses her by sharing old home singing videos
Were you a "dramatic" youngster? Making homemade videos of your performances, probably trying to ups
...[详细]Coinbase ordered to turn over some customer data
Most cryptocurrencies are pseudonymous, but some users of the digital exchange Coinbase are about to
...[详细]Samsung is making it easier for color
Samsung doesn't want Color Vision Deficiency (CVD) — commonly referred to as color-blindness &
...[详细]Darth Vader is back. Why do we still care?
They saved the best for last in the first official trailer for Rogue One: A Star Wars Story, release
...[详细]Texas church shooting reignites the encryption debate between Apple and FBI
The encryption debate is heating back up.Monday, the San Antonio Express-News confirmed that Texas a
...[详细]Xiaomi accused of copying again, this time by Jawbone
MashReads Podcast: Catching up with Neil Patrick Harris
