In recent weeks, the identity and access management company Okta experienced a security breach in its support system, which has raised concerns. Here’s what you need to know about this incident.
How did the breach occur?
The attackers gained access to Okta’s support system and were able to view files that had been uploaded by a limited number of Okta customers. These files, uploaded during support cases, often contained sensitive information like session tokens and cookies, which the hackers used to impersonate valid users.
Any similarities with previous incidents?
Yes, Okta’s products have been associated with high-profile breaches, including those of Caesars Entertainment and MGM casinos in Las Vegas. This time, Okta’s breach impacted some of its customers, with 1Password being one of them. Fortunately, 1Password detected suspicious activity related to the breach but found no user data compromised.
How many customers were affected?
The breach impacted approximately 1% of Okta’s 18,400 customers, and Okta has already notified those affected.
Why is this a concern?
Okta provides crucial digital services to many organizations, making it an attractive target for hackers. This breach follows a similar incident in 2022, raising questions about the company’s security measures and response to potential incidents.
What security measures have been taken?
While Okta has not publicly disclosed its actions, companies like 1Password have reduced the number of super admin users, tightened login rules for admins, and implemented additional security measures in response to the incident.
What was the source of the breach?
The breach began on Okta’s support portal, where support requests often involved uploading HTTP Archive (HAR) files for troubleshooting. These files can contain sensitive data like session tokens. Okta revoked compromised session tokens and advised users to sanitize HAR files, although some argue that this should not be the customer’s responsibility.
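As an added example (not Okta's own tooling or guidance), the following Python helper shows what "sanitizing" a HAR file means in practice: it redacts cookie and authorization values from a parsed archive and counts what is still exposed, so an archive can be checked before it is uploaded to a support case. The header list and the sample HAR are assumed, and bodies are deliberately left for manual review.

```python
"""Redact session material from a HAR file before attaching it to a support case.
Hypothetical helper, not Okta's own sanitizer; covers headers and cookies only,
request/response bodies (e.g. a token response) still need manual review."""
import copy
import json

# Header names whose values carry credentials or session material (assumed list).
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
REDACTED = "[REDACTED]"

def _messages(har):
    """Yield every request and response object in the HAR log."""
    for entry in har.get("log", {}).get("entries", []):
        for part in ("request", "response"):
            if part in entry:
                yield entry[part]

def sanitize_har(har):
    """Return a deep copy of a parsed HAR with auth headers and cookie values redacted."""
    har = copy.deepcopy(har)
    for msg in _messages(har):
        for header in msg.get("headers", []):
            if header.get("name", "").lower() in SENSITIVE_HEADERS:
                header["value"] = REDACTED
        for cookie in msg.get("cookies", []):
            cookie["value"] = REDACTED
    return har

def count_exposed(har):
    """Count header/cookie values that still hold raw secrets (0 means safe to upload)."""
    exposed = 0
    for msg in _messages(har):
        exposed += sum(1 for h in msg.get("headers", [])
                       if h.get("name", "").lower() in SENSITIVE_HEADERS
                       and h.get("value") != REDACTED)
        exposed += sum(1 for c in msg.get("cookies", []) if c.get("value") != REDACTED)
    return exposed

# Constructed sample: one request carrying a session cookie and a bearer token.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {"method": "GET", "url": "https://example.test/api/me",
                "headers": [{"name": "Cookie", "value": "sid=abc123"},
                            {"name": "Authorization", "value": "Bearer tok.en"}],
                "cookies": [{"name": "sid", "value": "abc123"}]},
    "response": {"status": 200, "headers": [{"name": "Set-Cookie", "value": "sid=def456"}],
                 "cookies": [{"name": "sid", "value": "def456"}]}}]}}

if __name__ == "__main__":
    clean = sanitize_har(SAMPLE_HAR)
    print(count_exposed(SAMPLE_HAR), "->", count_exposed(clean))  # 5 -> 0
    print(json.dumps(clean, indent=1))
```

A real archive should be loaded with `json.load`, passed through `sanitize_har`, and only shared once `count_exposed` returns 0 and the bodies have been inspected.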
How many companies were affected, and how did they respond?
Cloudflare, BeyondTrust, and 1Password were among the companies impacted by the breach. They independently detected the breach before Okta confirmed it. They responded swiftly and reported the situation to Okta.
It’s unclear which other companies were affected and how they responded to the breach. Additionally, concerns remain about Okta’s security processes and whether it has learned from previous incidents.