Okta Customer Data Exposed in Security Breach

October 24, 2023 / meritsolutions

Okta, a popular identity services provider, acknowledged a security breach that allowed bad actors to access its support case management system via stolen account credentials. 

David Bradbury, chief security officer for Okta, commented the following: “The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases … It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted.”

Luckily, the company’s Auth0/CIC system was not a part of the breach. Okta has reached out to users affected by the security incident. 

That said, the breach puts HTTP Archive (HAR) files at risk; these files are used to reproduce issues for troubleshooting. They can contain sensitive information, like cookies and session tokens, which bad actors could use to impersonate legitimate users. Attackers might have access to these files, so Okta is working with affected customers to revoke the exposed tokens.
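One way to strip credentials from a HAR capture before attaching it to a support case, as an added example that is not from the original article or from Okta. The header and parameter lists and the sample capture are assumptions constructed for illustration.

```python
import copy
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed lists; extend for your environment. Over-redaction is the safe failure mode.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie", "x-csrf-token"}
PARAM_HINTS = ("token", "session", "sid", "password", "secret", "saml")
REDACTED = "REDACTED"

def _hit(name):
    return any(hint in name.lower() for hint in PARAM_HINTS)

def _scrub(pairs, sensitive):
    """Redact values of sensitive entries in a HAR name/value list."""
    for pair in pairs or []:
        if sensitive(pair.get("name", "")):
            pair["value"] = REDACTED

def _scrub_url(url):
    """Redact sensitive query parameters in the request URL and drop the fragment."""
    parts = urlsplit(url)
    query = [(k, REDACTED if _hit(k) else v) for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query), fragment=""))

def sanitize_har(har):
    """Return a copy of a parsed HAR dict with credentials and bodies redacted."""
    har = copy.deepcopy(har)
    for entry in har.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        if "url" in req:
            req["url"] = _scrub_url(req["url"])
        for msg in (req, resp):
            _scrub(msg.get("headers"), lambda name: name.lower() in SENSITIVE_HEADERS)
            _scrub(msg.get("cookies"), lambda name: True)
        _scrub(req.get("queryString"), _hit)
        # Bodies can carry passwords or freshly issued tokens, so drop them whole.
        for body in (req.get("postData"), resp.get("content")):
            if body and body.get("text"):
                body["text"] = REDACTED
    return har

# Constructed sample capture (not real data).
SAMPLE_HAR = {"log": {"entries": [{
    "request": {"url": "https://app.example.com/home?sessionToken=abc123&tab=1",
                "headers": [{"name": "Cookie", "value": "sid=s3cr3t"}, {"name": "Accept", "value": "*/*"}],
                "cookies": [{"name": "sid", "value": "s3cr3t"}],
                "queryString": [{"name": "sessionToken", "value": "abc123"}, {"name": "tab", "value": "1"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=n3w; HttpOnly"}],
                 "cookies": [{"name": "sid", "value": "n3w"}],
                 "content": {"text": "{\"access_token\": \"xyz\"}"}}}]}}
SANITIZED = sanitize_har(SAMPLE_HAR)  # safe-to-share copy; SAMPLE_HAR is left untouched
```

Redacting a capture does not invalidate sessions that were live when it was recorded, so signing out of the affected application before sharing the file is still worthwhile.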

Questions about the breach remain, as Okta is keeping many details private. However, Okta told The Hacker News the breach affected 1% of its 18,400 users. We also know BeyondTrust and Cloudflare were targets in the attack: bad actors hijacked a session token from a Cloudflare employee’s support ticket and used it to break into Cloudflare systems on October 18. Two employees were compromised by bad actors, but no customer info was compromised.

BeyondTrust told Okta about the breach on October 2, but says the hackers may have had access until at least October 18.
