Okta could be facing more cyberattacks following customer support hack

A hacker obtained browser session cookies for Okta customers

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Unidentified hackers recently broke into Okta and stole client session cookies, potentially giving them access to those companies’ networks, and potentially infect the endpoints withmalwareandransomware.

The company confirmed the news in ablog postwritten by its Chief Security Officer David Bradbury, who confirmed outsiders had managed to get hold of login credentials for Okta’s support case management system.

Logging into the tool, they were able to view browser recording files that Okta’s customers uploaded for troubleshooting. These recordings, as explained, often include website cookies and session tokens - every hacker’s holy grail as it allows them to bypass not just the login screen, but multi-factor authentication (MFA), too.

Customers notified

Whoever hacked Okta really did try to compromise one of its clients, it was later said, as security firm BeyondTrust was recently called in by one of its clients to inspect a hacking attempt that happened soon after an admin shared a browser recording session with Okta.

As per BeyondTrust’s CTO Mark Maiffret, the attacker used a session token from the uploaded browser recording session and created a new admin account. The attack “was the result of Okta’s support system being compromised which allowed an attacker to access sensitive files uploaded by their customers.”

We don’t know exactly how many of Okta’s customers were affected by the breach. The company’s spokesperson toldTechCrunchthe incident affected roughly 1% of its userbase. In March 2023, Okta said it services around 17,000 customers. It’s still now known how the attacker obtained the credentials to the Okta support case management system. Okta notified the affected firms and contained the incident on October 17.

Okta is an access andidentity service provider, offering different identity management tools including Single Sign On.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaTechCrunch

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Owl Labs Meeting Owl 4+ review