Okta says its support system was breached using stolen credentials

October 20, 2023 at 02:48PM

Attackers breached Okta’s support management system using stolen credentials, gaining access to files containing cookies and session tokens uploaded by customers. The incident did not impact the production Okta service or the Auth0/CIC case management system. Okta notified affected customers and advised all customers to sanitize their HAR files to remove sensitive data. This is one of multiple security incidents for Okta in the past two years.

Key takeaways are as follows:

1. Okta suffered a security breach where attackers accessed files containing cookies and session tokens uploaded by customers to the support management system using stolen credentials. The production Okta service remains unaffected.

2. The breach impacted the support case management system, which also stored HTTP Archive (HAR) files containing sensitive data like cookies and session tokens. These files could be used by threat actors to impersonate customers.

3. Okta worked with affected customers to investigate the incident and revoke session tokens embedded in shared HAR files. They advise all customers to sanitize their HAR files before sharing.

4. Okta shared indicators of compromise, including IP addresses and web browser User-Agent information associated with the attackers.

5. This is not the first security incident faced by Okta. In the past, customer data was exposed through administrative console access, stolen one-time passwords (OTPs), and theft of source code repositories.

Overall, Okta is taking steps to address the recent breach and collaborate with affected customers to mitigate the impact. Customers are advised to take necessary precautions with their HAR files and closely monitor any suspicious activity.
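One way to follow the advice above to sanitize HAR files before sharing them, as an added example that is not from Okta or the original article: it redacts cookies, credential-bearing headers, token-like query and form parameters, and message bodies from a parsed HAR. The parameter-name pattern, the function names and the sample capture are assumptions made for illustration.

```python
import copy
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "REDACTED"
# Headers that carry credentials or session state.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
# Assumed heuristic for parameter names that usually hold secrets.
SENSITIVE_PARAM = re.compile(r"token|session|sid|secret|passw|auth|key", re.I)

def _scrub_pairs(pairs, is_sensitive):
    """Redact the value of each HAR name/value object whose name matches."""
    for pair in pairs or []:
        if is_sensitive(pair.get("name", "")):
            pair["value"] = REDACTED

def _scrub_url(url):
    """Redact sensitive query-string values embedded in a request URL."""
    parts = urlsplit(url)
    query = [(k, REDACTED if SENSITIVE_PARAM.search(k) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def sanitize_har(har):
    """Return a deep copy of a parsed HAR dict with credentials redacted."""
    har = copy.deepcopy(har)
    for entry in har.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            _scrub_pairs(msg.get("headers"), lambda n: n.lower() in SENSITIVE_HEADERS)
            _scrub_pairs(msg.get("cookies"), lambda n: True)
        _scrub_pairs(req.get("queryString"), SENSITIVE_PARAM.search)
        if req.get("url"):
            req["url"] = _scrub_url(req["url"])
        post = req.get("postData") or {}
        _scrub_pairs(post.get("params"), SENSITIVE_PARAM.search)
        for body in (post, resp.get("content") or {}):
            if "text" in body:
                body["text"] = REDACTED  # raw bodies can embed tokens
    return har

# Constructed sample capture (not real data); the hostname is a placeholder.
SAMPLE_HAR = {"log": {"entries": [{
    "request": {"url": "https://example.test/app?sessionToken=abc123&page=2",
                "headers": [{"name": "Cookie", "value": "sid=deadbeef"},
                            {"name": "Accept", "value": "text/html"}],
                "cookies": [{"name": "sid", "value": "deadbeef"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=cafef00d"}],
                 "content": {"text": "{\"access_token\": \"xyz\"}"}}}]}}
```

Redacting a capture does not invalidate tokens in copies that were already shared, which is why the session tokens embedded in the shared HAR files were revoked.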
