Okta, the San Francisco-based identity and access management company, reported a security breach on Friday. Hackers gained access to private customer information through its customer support management system.
In a site-wide announcement, Okta Chief Security Officer David Bradbury revealed that hackers viewed content uploaded by some Okta customers related to recent support cases. These files, known as HTTP archive (HAR) files, help support personnel replicate customer browser activity for troubleshooting.
SEE ALSO:23andMe may have suffered yet another breach – your data is in jeopardy"HAR files can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users," Bradbury said.
Bradbury did not disclose how the credentials were stolen nor if two-factor authentication was in place for the compromised support system. To mitigate the damage, Okta revoked embedded session tokens and advised customers to sanitize credentials within HAR files before sharing.
According to Arstechnica, the initial hack was stopped by security firm BeyondTrust, which alerted Okta to suspicious activity about a month ago. However, due to some flaws within Okta's security model, some actions were still carried out by malicious actors.
Bradbury confirmed that all affected customers have been informed. He also provided IP addresses and browser user agents associated with the hackers for further investigation. He also added that Okta's main production service and Auth0/CIC case management system remain unaffected.
Okta has had its fair share of hacker troubles lately. In March 2022, a group called Lapsus$ accessed an Okta admin panel, allowing them to reset customer passwords and authentication credentials. In December of that same year, Okta's source code was stolen from a GitHub account.
TopicsCybersecurity
(责任编辑:時尚)
U.S. government issues warning on McDonald's recalled wearable devices
Stormzy fires furious freestyle against UK Prime Minister Theresa May
Multiple brands pull their ads from the Alex Jones YouTube channel
Department of Justice announces new cybersecurity task force
Mall builds realDid our grandparents have the best beauty advice?
Do our grandparents really know what's best?They're older and wiser, and they have no shortage of ad
...[详细]Department of Justice announces new cybersecurity task force
Nothing says cutting-edge digital badassery like a government cybersecurity task force, amirite?On T
...[详细]Trump finally tells the truth: Darrell Hammond does do a better impression of him than Alec Baldwin
Early Friday morning, while markets reeled over his tariff announcement and Russia unveiled new miss
...[详细]Lyft offers free rides to March For Our Lives rallies
The deadly shooting at Marjory Stoneman Douglas High School in Parkland, Florida, last month isn't f
...[详细]Olympics official on Rio's green diving pool: 'Chemistry is not an exact science'
The diving pool for the Summer Olympics mysteriously turned green this week in Rio de Janeiro, then
...[详细]You'll see much more of Erica in 'Stranger Things' Season 3
One of the best characters from Stranger ThingsSeason 2 is going to be getting a whole lot more scre
...[详细]Leslie Rose is strict with Kit Harrington about 'Game of Thrones' spoilers
Stars: they're just like us! And it looks like Game of Thronescouple Rose Leslie and Kit Harington t
...[详细]New lawsuit accuses Google of discriminating against white, Asian men
The Google diversity hiring wars rage on. Another former Google employee is suing Google for wrongfu
...[详细]More than half of women in advertising have faced sexual harassment, report says
If you are a woman in advertising, chances are you've faced workplace sexual harassment at one point
...[详细]The only 'Mulan' remake you need to see is right here
Remakes of Disney classics are a tricky thing to do successfully, but in 38 seconds, this group of b
...[详细]J.K. Rowling makes 'Harry Potter' joke about Olympics event
Student asks boyfriend to buy her some new leggings, things escalate quickly
