Okta Confirms Security Breach Affecting Small Number of Customers
Okta, a prominent identity management service provider, has revealed a security incident involving its customer support division. The breach, which transpired in early October 2022, potentially affected a minuscule number of its over 18,000 customers.
Okta confirmed that the intruders gained unauthorized access to its support platform for at least two weeks before the intrusion was detected and mitigated on October 17, 2022. The breach allowed the hackers to view sensitive information uploaded by certain Okta customers, including cookies and session tokens.
The attack on one of Okta's clients, BeyondTrust, involved an attempt to create an all-powerful administrator account within their Okta environment using a valid Okta session token from a HAR file. Okta recommends sanitizing all credentials and cookies/session tokens within a HAR file before sharing it. Initially, Okta did not believe BeyondTrust's alert was due to a breach in its systems but later confirmed the incident.
This is not the first time Okta has grappled with a security breach. In March 2022, the hacking group LAPSUS$ targeted Okta. Okta has notified the affected customers and is collaborating with them to mitigate potential impacts. The company urges all customers to review and rotate their credentials as a precautionary measure.
