Unidentified hackers recently broke into Okta and stole client session cookies, potentially giving them access to those companies’ networks, and potentially infect the endpoints with malware and ransomware.
The company confirmed the news in a blog post written by its Chief Security Officer David Bradbury, who confirmed outsiders had managed to get hold of login credentials for Okta’s support case management system.
Logging into the tool, they were able to view browser recording files that Okta’s customers uploaded for troubleshooting. These recordings, as explained, often include website cookies and session tokens - every hacker’s holy grail as it allows them to bypass not just the login screen, but multi-factor authentication (MFA), too.
Whoever hacked Okta really did try to compromise one of its clients, it was later said, as security firm BeyondTrust was recently called in by one of its clients to inspect a hacking attempt that happened soon after an admin shared a browser recording session with Okta.
As per BeyondTrust’s CTO Mark Maiffret, the attacker used a session token from the uploaded browser recording session and created a new admin account. The attack “was the result of Okta’s support system being compromised which allowed an attacker to access sensitive files uploaded by their customers.”
We don’t know exactly how many of Okta’s customers were affected by the breach. The company’s spokesperson told TechCrunch the incident affected roughly 1% of its userbase. In March 2023, Okta said it services around 17,000 customers. It’s still now known how the attacker obtained the credentials to the Okta support case management system. Okta notified the affected firms and contained the incident on October 17.
Okta is an access and identity service provider, offering different identity management tools including Single Sign On.
More from TechRadar Pro
- Your Okta passwords can be easily hacked, experts claim
- Here's a list of the best firewalls today
- These are the best privacy tools around
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.