Okta's Customer Support Data Breach: Senior Management at Fault
Originally Published 2 years ago — by The Hacker News
Okta, an identity and authentication management provider, disclosed that a recent data breach in its support case management system affected 134 out of its 18,400 customers. The unauthorized intruder gained access to Okta's systems from September 28 to October 17, 2023, and obtained HAR files containing session tokens that could be used for session hijacking attacks. The breach impacted five customers, including 1Password, BeyondTrust, and Cloudflare. Investigation revealed that the breach occurred due to the abuse of a service account stored in Okta's system, which had privileges to view and update customer support cases. The username and password of the service account were saved to an employee's personal Google account, potentially exposing the credentials. Okta has taken steps to mitigate the breach, including revoking the compromised session tokens and disabling the service account.