A hacker has infiltrated Okta, a provider of single sign-on services to thousands of businesses, but the attacker only breached the company’s customer support system.
It's unclear how the hacker broke in. For now, Okta has only said the attacker “leveraged access to a stolen credential to access Okta's support case management system.”
The support case management system is separate from Okta’s production service, which can allow users to log into multiple websites and apps through a single sign-on method.
Still, the hacker had the ability to steal sensitive data from files uploaded to Okta’s customer case management system. This included cookies and session tokens embedded in HTTP Archive files that customers could upload to help them troubleshoot issues.
Stealing these cookies and session tokens can allow a hacker to “impersonate valid users,” the company said, becoming another way to break into someone’s account. As a result, Okta has sent notifications to affected customers, warning them about the threat.
“Okta has worked with impacted customers to investigate, and has taken measures to protect our customers, including the revocation of embedded session tokens,” the company added.
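Where those cookies and session tokens sit inside an HTTP Archive (HAR) file, shown as an added example that is not from the article or from Okta: a Python sketch that redacts them from a parsed HAR before the file is shared. The sample capture is constructed, and the header and parameter name lists are assumptions to adjust for your own applications.

```python
import copy

REDACTED = "[REDACTED]"
# Assumed name lists, not from the article; extend them for your own apps.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
SENSITIVE_PARAMS = {"token", "access_token", "id_token", "refresh_token", "password"}

def _scrub(pairs, names=None):
    """Redact HAR {name, value} records; names=None means redact all of them."""
    hits = [p for p in pairs or []
            if names is None or p.get("name", "").lower() in names]
    for pair in hits:
        pair["value"] = REDACTED
    return len(hits)

def sanitize_har(har):
    """Return (redacted copy of a parsed HAR, number of values redacted)."""
    har, count = copy.deepcopy(har), 0
    for entry in har.get("log", {}).get("entries", []):
        request, response = entry.get("request", {}), entry.get("response", {})
        # The URL repeats the query string, so keep only the part before "?".
        request["url"] = request.get("url", "").split("?", 1)[0]
        post = request.get("postData") or {}
        count += _scrub(request.get("queryString"), SENSITIVE_PARAMS)
        count += _scrub(post.get("params"), SENSITIVE_PARAMS)
        for message in (request, response):
            count += _scrub(message.get("headers"), SENSITIVE_HEADERS)
            # Any cookie may be the session cookie, so all are redacted.
            count += _scrub(message.get("cookies"))
        # Bodies can carry tokens in any format, so they are replaced whole.
        for body in (post, response.get("content") or {}):
            if body.get("text"):
                body["text"] = REDACTED
                count += 1
    return har, count

# Constructed sample capture; every value below is made up.
SAMPLE_HAR = {"log": {"entries": [{
    "request": {"url": "https://example.test/app?token=abc123&page=2",
                "headers": [{"name": "Cookie", "value": "sid=CONSTRUCTED-1"},
                            {"name": "Accept", "value": "text/html"}],
                "cookies": [{"name": "sid", "value": "CONSTRUCTED-1"}],
                "queryString": [{"name": "token", "value": "abc123"},
                                {"name": "page", "value": "2"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=CONSTRUCTED-2"}],
                 "cookies": [{"name": "sid", "value": "CONSTRUCTED-2"}],
                 "content": {"text": "{\"id_token\": \"x.y.z\"}"}}}]}}
```

Calling `sanitize_har(SAMPLE_HAR)` returns the redacted copy and the count of redacted values; fields not handled here, such as a response's `redirectURL`, still need review before a capture leaves your network.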
Okta declined to provide more details. But according to security journalist Brian Krebs, the company appears to have uncovered the breach when a customer, security vendor BeyondTrust, noticed unusual activity on its network. An Okta account belonging to a BeyondTrust engineer tried to create a powerful admin account. The security vendor then noticed the activity was occurring through a valid session token that BeyondTrust had previously shared with Okta through an HTTP Archive file.
This led BeyondTrust to believe Okta had suffered a