Saturday, October 21

Okta says hackers breached its support system and viewed customer files

A cartoon man runs across a white field of ones and zeroes.

Enlarge (credit: Getty Images)

Identity and authentication management provider Okta said hackers managed to view private customer information after gaining access to credentials to its customer support management system.

“The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,” Okta Chief Security Officer David Bradbury said Friday. He suggested those files comprised HTTP archive, or HAR, files, which company support personnel use to replicate customer browser activity during troubleshooting sessions.

“HAR files can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users,” Bradbury wrote. “Okta has worked with impacted customers to investigate, and has taken measures to protect our customers, including the revocation of embedded session tokens. In general, Okta recommends sanitizing all credentials and cookies/session tokens within a HAR file before sharing it.”

Read 7 remaining paragraphs | Comments

No comments:

Post a Comment