Okta Data Breach: Hackers Steal Customer Access Tokens From Support Unit


In a recent cybersecurity incident, identity and access management company Okta revealed that hackers gained unauthorized access to its customer support ticket system. The hackers stole sensitive files that could be used to breach the networks of Okta’s customers. Okta Chief Security Officer David Bradbury addressed the issue in a blog post, explaining that the perpetrator used a stolen credential to infiltrate the support case management system, which contained browser recording files uploaded by Okta customers for troubleshooting purposes.

Key Takeaway

Hackers have targeted Okta’s customer support ticket system and stolen sensitive files, including browser recording sessions. Although Okta is actively mitigating the situation and informing affected customers, these incidents highlight the importance of robust security measures to protect customer data and the potential ramifications for companies in the event of a breach.

Impersonation through Stolen Browser Recording Files

These browser recording sessions, also known as HAR (.har) files, are typically used to diagnose problems encountered during web browsing sessions. Such files often contain website cookies and session tokens, which, if compromised, can enable individuals to impersonate a legitimate user account without requiring their password or two-factor authentication. Okta has already notified the affected customers, although the initial point of compromise for the support case management system remains unclear.

Scope of the Breach and BeyondTrust’s Involvement

Approximately 1% of Okta’s customer base is said to be impacted by this security breach, according to an Okta spokesperson. However, an exact figure was not disclosed. BeyondTrust, a security firm that utilizes Okta’s services, also reported the incident in its own blog post. They alerted Okta after detecting an attempted compromise of their network shortly after one of their administrators shared a browser recording session with an Okta support agent. The hackers exploited a session token from the uploaded browser recording session to create an administrator account on BeyondTrust’s network, which was promptly shut down.

Okta’s Security Incidents and Consequences

This incident marks the latest security breach for Okta, as it previously reported the theft of some of its source code in 2022. Earlier that year, hackers also posted screenshots revealing access to Okta’s internal network, following a breach of a third-party company Okta utilized for customer service. The breach has prompted concerns among investors, as Okta’s stock price saw an 11% decrease following the news.
