[ad_1]
![A cartoon man runs across a white field of ones and zeroes.](https://cdn.arstechnica.net/wp-content/uploads/2021/07/data-breach-800x435.jpeg)
Identification and authentication administration supplier Okta stated hackers managed to view personal buyer data after having access to credentials to its buyer assist administration system.
“The risk actor was in a position to view recordsdata uploaded by sure Okta prospects as a part of latest assist instances,” Okta Chief Safety Officer David Bradbury stated Friday. He advised these recordsdata comprised HTTP archive, or HAR, recordsdata, which firm assist personnel use to copy buyer browser exercise throughout troubleshooting periods.
“HAR recordsdata also can include delicate knowledge, together with cookies and session tokens, that malicious actors can use to impersonate legitimate customers,” Bradbury wrote. “Okta has labored with impacted prospects to research, and has taken measures to guard our prospects, together with the revocation of embedded session tokens. Typically, Okta recommends sanitizing all credentials and cookies/session tokens inside a HAR file earlier than sharing it.”
Bradbury did not say how the hackers stole the credentials to Okta’s assist system. The CSO additionally did not say whether or not entry to the compromised assist system was protected by two-factor authentication, which greatest practices name for.
Safety agency BeyondTrust stated it alerted Okta to suspicious exercise earlier this month after detecting an attacker utilizing a legitimate authentication cookie attempting to entry one in all BeyondTrust’s in-house Okta administrator accounts. BeyondTrust’s entry coverage controls stopped the attacker’s “preliminary exercise, however limitations in Okta’s safety mannequin allowed them to carry out just a few confined actions,” the corporate stated with out elaborating. Finally, BeyondTrust was in a position to block all entry.
Past Belief stated it notified Okta of the occasion however didn’t get a response for greater than two weeks. In a put up, BeyondTrust officers wrote:
The preliminary incident response indicated a doable compromise at Okta of both somebody on their assist crew or somebody in place to entry buyer support-related knowledge. We raised our considerations of a breach to Okta on October 2nd. Having acquired no acknowledgement from Okta of a doable breach, we continued with escalations inside Okta till October nineteenth when Okta safety management notified us that that they had certainly skilled a breach and we had been one in all their affected prospects.
The incident timeline supplied by Past Belief was as follows:
- October 2, 2023 – Detected and remediated id centric assault on an in-house Okta administrator account and alerted Okta
- October 3, 2023 – Requested Okta assist to escalate to Okta safety crew given preliminary forensics pointing to a compromise inside Okta assist group
- October 11, 2023 and October 13, 2023 – Held Zoom periods with Okta safety crew to clarify why we believed they is likely to be compromised
- October 19, 2023 – Okta safety management confirmed that they had an inside breach, and BeyondTrust was one in all their affected prospects.
Okta has skilled a number of safety or knowledge breaches in recent times. In March 2022, circulated photographs confirmed {that a} hacking outfit generally known as Lapsus$ purportedly gained entry to an Okta administration panel, permitting it to reset passwords and multifactor authentication credentials for Okta prospects. The corporate stated the breach occurred after the hackers compromised a system belonging to one in all its subprocessors.
In December 2022, hackers stole Okta supply code saved in an organization account on GitHub.
Bradbury stated Okta has notified all prospects whose knowledge was accessed within the latest occasion. Friday’s put up accommodates IP addresses and browser person brokers utilized by the risk actors that others can use to point if they’ve additionally been affected. The compromised assist administration system is separate from Okta’s manufacturing service and Auth0/CIC case administration system, neither of which was impacted.
[ad_2]
Source_link