Okta could be facing more cyberattacks following customer support hack

News
By Sead Fadilpašić
published

A hacker obtained browser session cookies for Okta customers

A white padlock on a dark digital background.
(Image credit: Shutterstock.com)

Unidentified hackers recently broke into Okta and stole client session cookies, potentially giving them access to those companies’ networks, and potentially infect the endpoints with malware and ransomware

The company confirmed the news in a blog post   written by its Chief Security Officer David Bradbury, who confirmed outsiders had managed to get hold of login credentials for Okta’s support case management system. 

Logging into the tool, they were able to view browser recording files that Okta’s customers uploaded for troubleshooting. These recordings, as explained, often include website cookies and session tokens - every hacker’s holy grail as it allows them to bypass not just the login screen, but multi-factor authentication (MFA), too.

Customers notified

Whoever hacked Okta really did try to compromise one of its clients, it was later said, as security firm BeyondTrust was recently called in by one of its clients to inspect a hacking attempt that happened soon after an admin shared a browser recording session with Okta.

As per BeyondTrust’s CTO Mark Maiffret, the attacker used a session token from the uploaded browser recording session and created a new admin account. The attack “was the result of Okta’s support system being compromised which allowed an attacker to access sensitive files uploaded by their customers.”

We don’t know exactly how many of Okta’s customers were affected by the breach. The company’s spokesperson told TechCrunch the incident affected roughly 1% of its userbase. In March 2023, Okta said it services around 17,000 customers. It’s still now known how the attacker obtained the credentials to the Okta support case management system. Okta notified the affected firms and contained the incident on October 17.

Okta is an access and identity service provider, offering different identity management tools including Single Sign On.

Via TechCrunch

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.