
The Cyber Security News


Okta’s Support System Breach Exposes Customer Data to Unidentified Threat Actors

October 21, 2023

Identity services provider Okta on Friday disclosed a new security incident that allowed unidentified threat actors to leverage stolen credentials to access its support case management system.

“The threat actor was able to look at data files uploaded by selected Okta consumers as a component of recent help scenarios,” David Bradbury, Okta’s chief security officer, said. “It needs to be observed that the Okta help scenario administration system is individual from the creation Okta company, which is totally operational and has not been impacted.”



The company also emphasized that its Auth0/CIC case management system was not impacted by the breach, noting it has instantly notified customers who have been impacted.

However, it said that the customer support system is also used to upload HTTP Archive (HAR) files to replicate end-user or administrator errors for troubleshooting purposes.


“HAR files can also comprise sensitive details, which include cookies and session tokens, that destructive actors can use to impersonate valid people,” Okta warned.

It further said it worked with impacted customers to ensure that the embedded session tokens were revoked to prevent their abuse.

Okta did not disclose the scale of the attack, when the incident took place, and when it detected the unauthorized access. As of March 2023, it has more than 17,000 customers and manages around 50 billion users.

That said, BeyondTrust and Cloudflare are among the two customers who have confirmed they were targeted in the latest support system attack.

“The danger-actor was in a position to hijack a session token from a guidance ticket which was established by a Cloudflare worker,” Cloudflare explained. “Utilizing the token extracted from Okta, the danger-actor accessed Cloudflare programs on Oct 18.”

Describing it as a sophisticated attack, the web infrastructure and security company said the threat actor behind the activity compromised two separate Cloudflare employee accounts within the Okta platform. It also said that no customer information or systems were accessed as a result of the event.


BeyondTrust said it notified Okta of the breach on October 2, 2023, but the attack on Cloudflare indicates that the adversary had access to their support systems at least until October 18, 2023.

The identity management services firm said its Okta administrator had uploaded a HAR file to the system on Oct 2 to resolve a support issue, and that it detected suspicious activity involving the session cookie within 30 minutes of sharing the file. The attempted attacks against BeyondTrust were ultimately unsuccessful.

“BeyondTrust immediately detected and remediated the attack as a result of its own identity applications, Identity Security Insights, resulting in no effects or publicity to BeyondTrust’s infrastructure or to its clients,” a spokesperson for the company told The Hacker News.

The development is the latest in a long list of security mishaps that have singled out Okta over the past few decades. The company has become a high-value target for hacking crews because its single sign-on (SSO) services are used by some of the largest companies in the world.



Some parts of this article are sourced from:
thehackernews.com
