Okta, the San Francisco-based identity and access management company, reported a security breach on Friday. Hackers gained access to private customer information through its customer support management system.
In a site-wide announcement, Okta Chief Security Officer David Bradbury revealed that hackers viewed content uploaded by some Okta customers related to recent support cases. These files, known as HTTP archive (HAR) files, help support personnel replicate customer browser activity for troubleshooting.
"HAR files can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users," Bradbury said.
Bradbury did not disclose how the credentials were stolen or whether two-factor authentication was in place for the compromised support system. To mitigate the damage, Okta revoked embedded session tokens and advised customers to sanitize credentials within HAR files before sharing.
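The advice to sanitize HAR files before sharing can be automated. The following is an added example, not code from Okta or from the original article: a Python function that redacts cookies, credential-bearing headers, token-like URL parameters and message bodies from a HAR 1.2 capture. The deny-lists, function names and sample capture are assumptions constructed for illustration.

```python
import copy
import re

REDACTED = "[REDACTED]"
# Assumed deny-lists; extend them for the application being captured.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie", "x-api-key"}
SENSITIVE_PARAM = re.compile(r"token|session|sid|secret|passw|api[_-]?key|assertion|saml", re.I)
JWT = re.compile(r"eyJ[\w-]+\.[\w-]+\.[\w-]*")        # JWT-shaped strings anywhere
URL_PARAM = re.compile(r"([?&]([^=&#]+)=)([^&#]*)")   # name=value pairs inside a URL

def _scrub_pairs(pairs, is_sensitive):
    """Redact values in a HAR name/value list (headers, cookies, queryString, params)."""
    for pair in pairs or []:
        secret = is_sensitive(pair.get("name", ""))
        pair["value"] = REDACTED if secret else JWT.sub(REDACTED, pair.get("value", ""))

def _scrub_url(url):
    return URL_PARAM.sub(
        lambda m: m.group(1) + (REDACTED if SENSITIVE_PARAM.search(m.group(2)) else m.group(3)), url)

def sanitize_har(har):
    """Return a deep copy of a HAR 1.2 document with credentials removed."""
    har = copy.deepcopy(har)
    for entry in har.get("log", {}).get("entries", []):
        for msg in (entry.get("request", {}), entry.get("response", {})):
            _scrub_pairs(msg.get("headers"), lambda n: n.lower() in SENSITIVE_HEADERS)
            _scrub_pairs(msg.get("cookies"), lambda n: True)   # every cookie value goes
            _scrub_pairs(msg.get("queryString"), SENSITIVE_PARAM.search)
            if "url" in msg:
                msg["url"] = _scrub_url(msg["url"])
            # Bodies can carry tokens in any format, so they are dropped wholesale.
            for body in filter(None, (msg.get("postData"), msg.get("content"))):
                if "text" in body:
                    body["text"] = REDACTED
                _scrub_pairs(body.get("params"), lambda n: True)
    return har

# Constructed sample capture (not taken from any real session).
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {"method": "GET", "url": "https://app.example.test/home?lang=en&sessionToken=abc123",
                "headers": [{"name": "Cookie", "value": "sid=SECRET-SID"},
                            {"name": "Accept", "value": "text/html"}],
                "cookies": [{"name": "sid", "value": "SECRET-SID"}],
                "queryString": [{"name": "lang", "value": "en"}, {"name": "sessionToken", "value": "abc123"}]},
    "response": {"status": 200,
                 "headers": [{"name": "Set-Cookie", "value": "sid=NEW-SID; HttpOnly"}],
                 "content": {"mimeType": "application/json", "text": "{\"access_token\": \"xyz\"}"}}}]}}

if __name__ == "__main__":
    print(sanitize_har(SAMPLE_HAR))
```

The name patterns deliberately over-match, so some harmless parameters are redacted too; review the output before attaching it to a support case.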
According to Ars Technica, the initial hack was stopped by security firm BeyondTrust, which alerted Okta to suspicious activity about a month ago. However, due to some flaws within Okta's security model, some actions were still carried out by malicious actors.
Bradbury confirmed that all affected customers have been informed, and he provided IP addresses and browser user agents associated with the hackers for further investigation. He added that Okta's main production service and Auth0/CIC case management system remain unaffected.
Okta has had its fair share of hacker troubles lately. In March 2022, a group called Lapsus$ accessed an Okta admin panel, allowing them to reset customer passwords and authentication credentials. In December of that same year, Okta's source code was stolen from a GitHub account.