Okta, an identity and authentication management software company whose products are widely used in business and education, has fallen victim to a security breach where hackers accessed sensitive customer information through its customer support management system.
Ars Technica reports that Okta announced that hackers infiltrated its customer support management system, gaining unauthorized access to private customer information. The attackers got in using valid credentials, although how those credentials were acquired remains undisclosed.
“The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,” said Okta Chief Security Officer David Bradbury. These files, known as HTTP archive (HAR) files, are utilized by support personnel to mimic customer browser activity during troubleshooting sessions, and they may contain sensitive data such as cookies and session tokens.
Bradbury further elaborated on the potential risks, stating, “HAR files can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users.” In response to the breach, Okta has taken corrective actions, working closely with the impacted customers to investigate the incident and revoking embedded session tokens to bolster security.
The breach was initially spotted by security firm BeyondTrust, which noticed suspicious activities and alerted Okta. However, it took a considerable amount of time for Okta to confirm the breach and communicate it to the affected parties. BeyondTrust spotted the hack when an unauthorized user attempted to use information from the hack to access its own servers.
Okta isn’t the first widely used business software to suffer a prominent hack recently. Breitbart News previously reported that the FTC is considering an investigation of Microsoft over its weak security practices that led to a major email hack:
The FTC is contemplating an investigation into Microsoft’s adherence to cybersecurity commitments following the massive email hack that revealed troubling vulnerabilities in the tech giant’s defense mechanisms. Hackers were able to access sensitive information in corporate and government email systems thanks to Microsoft’s security failures.
The Messenger reports that Microsoft finds itself facing scrutiny from the FTC following the massive cybersecurity leak it suffered this year. A breach that occurred in May, suspected to be the work of Chinese government hackers, exposed the email accounts of Microsoft customers. This breach, however, was only recently brought to light by Microsoft, raising questions about the company’s transparency and cybersecurity robustness.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.