November 4, 2023 at 05:24AM
Identity and authentication management provider Okta reported a recent data breach that affected 134 of its 18,400 customers. The breach lasted from September 28 to October 17, 2023, and resulted in unauthorized access to session tokens. The company revealed that 5 customers had their legitimate Okta sessions hijacked. Okta has taken measures to address the breach, including revoking session tokens and disabling the compromised service account. It has also introduced session token binding based on network location as a product enhancement. Additionally, Okta disclosed a separate breach involving personal information of its employees, which occurred on September 23.
Key Takeaways from Meeting Notes:
– Okta, an identity and authentication management provider, experienced a data breach and cyber attack.
– The breach affected 134 out of 18,400 Okta customers.
– An unauthorized intruder gained access to Okta’s systems from September 28 to October 17, 2023.
– The intruder accessed HAR files containing session tokens that could be used for session hijacking attacks.
– The session tokens were used to hijack the legitimate Okta sessions of 5 customers, including 1Password, BeyondTrust, and Cloudflare.
– Suspicious activity was first reported by 1Password on September 29, and two other customers were identified on October 12 and October 18.
– Okta revealed the security event on October 20 and stated that the breach was due to the exploitation of a stolen credential to access Okta’s support case management system.
– Investigation showed that the service account username and password were saved to an employee’s personal Google account, which was signed in on the Chrome web browser of their Okta-managed laptop.
– It is likely that the compromise of the employee’s personal Google account or personal device led to the exposure of the credential.
– Okta has taken several actions in response to the breach, including revoking the session tokens, disabling the compromised service account, and blocking the use of personal Google profiles on Okta-managed laptops.
– Okta has also released a product enhancement called session token binding based on network location, which forces Okta administrators to re-authenticate if a network change is detected.
– In addition to the data breach, Okta also experienced a separate incident where personal information of 4,961 employees was exposed after a breach at its healthcare coverage vendor, Rightway Healthcare, on September 23, 2023.
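The takeaways above note that the intruder harvested session tokens from HAR files uploaded to Okta's support system. A defensive control practitioners adopted after this incident is to scrub credential-bearing headers and cookies from a HAR before it leaves the machine. The following is an added example written for this summary, not Okta's own tooling; the HAR content, hostnames and token values are constructed for illustration.

```python
import json

# Constructed, abridged HAR 1.2 capture. The Authorization bearer token and the
# session cookie are exactly the artefacts that let a HAR be replayed to hijack a session.
SAMPLE_HAR = {
    "log": {
        "version": "1.2",
        "entries": [
            {
                "request": {
                    "url": "https://example.okta.com/api/v1/users/me",  # constructed
                    "headers": [
                        {"name": "Authorization", "value": "Bearer constructed.token.value"},
                        {"name": "Cookie", "value": "sid=102abc; theme=dark"},
                    ],
                    "cookies": [{"name": "sid", "value": "102abc"}],
                },
                "response": {
                    "headers": [{"name": "Set-Cookie", "value": "sid=102abc; Path=/; HttpOnly; Secure"}],
                    "cookies": [{"name": "sid", "value": "102abc"}],
                },
            }
        ],
    }
}

# Standard HTTP headers that carry credentials or session identifiers.
SENSITIVE_HEADERS = {"authorization", "cookie", "set-cookie"}
REDACTED = "[REDACTED]"


def find_leaks(har: dict) -> list:
    """List (side, header name) pairs whose value still holds un-redacted credential material."""
    leaks = []
    for entry in har["log"]["entries"]:
        for side in ("request", "response"):
            for header in entry.get(side, {}).get("headers", []):
                if header["name"].lower() in SENSITIVE_HEADERS and header["value"] != REDACTED:
                    leaks.append((side, header["name"]))
    return leaks


def redact_har(har: dict):
    """Return (deep copy of `har` with sensitive headers and all cookie values redacted, redaction count)."""
    clean = json.loads(json.dumps(har))  # deep copy so the caller's original is untouched
    count = 0
    for entry in clean["log"]["entries"]:
        for side in ("request", "response"):
            part = entry.get(side, {})
            for header in part.get("headers", []):
                if header["name"].lower() in SENSITIVE_HEADERS:
                    header["value"] = REDACTED
                    count += 1
            for cookie in part.get("cookies", []):  # structured cookie entries also hold the token
                cookie["value"] = REDACTED
                count += 1
    return clean, count
```

Run `find_leaks` on the scrubbed copy before uploading; an empty result means no standard credential header survived, though application-specific token headers would need adding to `SENSITIVE_HEADERS`.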