October 20, 2023 at 05:48PM
Okta, an identity and access management services provider, has disclosed a recent compromise of its customer support case management system. Sensitive customer data, including cookies and session tokens, was exposed, potentially allowing attackers to impersonate valid users. The incident only affected customers with recent support cases, and Okta has taken steps to protect affected customers by revoking session tokens. Okta has also provided security teams with IP addresses and user-agents for threat hunting. This follows Okta being identified as the initial attack vector in recent cyberattacks on MGM Resorts and Caesars Entertainment.
According to the meeting notes, Okta, an identity and access management services provider, recently experienced a compromise of its customer support case management system. This incident exposed sensitive customer data, including cookies and session tokens, which attackers could potentially use to impersonate valid users contacting support. It is important to note that the customer support case management system is separate from the Okta service itself, and only customers with recent support cases were impacted.
The company’s Chief Security Officer, David Bradbury, emphasized in a blog post on October 20 that impacted customers have been notified and Okta has worked with them to investigate the incident. Measures have been taken to protect customers, including the revocation of embedded session tokens. Additionally, Okta has provided IP addresses and user-agents in its blog post for security teams to use in their threat hunting efforts.
This disclosure from Okta follows the identification of Okta as the initial attack vector in recent twin cyberattacks on MGM Resorts and Caesars Entertainment.