November 3, 2023 at 10:53AM
Okta recently disclosed that attackers had unauthorized access to its customer support system from September 28 to October 17, 2023. Files belonging to 134 customers were compromised, and five of those customers, including 1Password, BeyondTrust, and Cloudflare, were targeted in session hijacking attacks that used stolen session tokens. Okta took measures to prevent similar incidents and apologized to its customers. This is not the first security breach Okta has experienced in recent years; previous incidents involved credential theft and social engineering attacks.
Key takeaways from the meeting notes are:
1. Okta recently experienced a security breach in its customer support system. Attackers gained unauthorized access to files of 134 Okta customers, and 5 of these customers were later targeted in session hijacking attacks.
2. The breach occurred between September 28, 2023, and October 17, 2023, affecting less than 1% of Okta customers.
3. The attackers used stolen session tokens found in HAR files to carry out session hijacking attacks. Three of the customers affected by the breach are 1Password, BeyondTrust, and Cloudflare.
4. Okta was alerted about session hijacking attempts on September 29 but confirmed the breach only after two weeks of investigation and multiple meetings with the affected customers.
5. The attackers obtained credentials for a support service account by stealing them from an employee’s personal Google account, which was accessed on an Okta-managed laptop.
6. Okta has implemented several measures in response to the breach, including disabling the compromised service account, blocking the use of personal Google profiles with Google Chrome on Okta-managed devices, enhancing detection and monitoring rules, and binding Okta administrator session tokens based on network location.
7. Okta has notified all customers about the breach and completed remediations to protect them. The company apologizes for the incident.
8. Apart from this recent breach, Okta has experienced previous security breaches due to credential theft and social engineering attacks. Some incidents involved the exposure of confidential source code information.
9. In a separate incident unrelated to the customer support system breach, the personal information of approximately 5,000 current and former employees was exposed after a breach at Okta’s healthcare coverage provider, Rightway Healthcare, in September.
10. Okta is actively working on improving security measures to prevent future incidents.