Okta Security had to admit to another successful cyberattack on its systems. However, this time only a small group of users were said to have been affected and there were no data leaks to report.
Okta Security reports identifying adversarial activity that accessed Okta's support case management system using stolen credentials. According to initial reports, the attack is said to have been much smaller than when the hacker group Lapsus$ found its way into the Okta network via the laptop of a third-party technician in May 2022.
Brief access, or weeks of access?
While Okta reports that the attackers only had brief and harmless access to the network, the Krebs on Security portal reports that the attackers had access to the Okta customer service platform for at least two weeks before the company noticed and stopped the break-in.
Okta itself reports it this way: “Okta Security has identified adversary activity that used access to stolen credentials to access Okta's support case management system. The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases. It should be noted that Okta's support case management system is separate from the Okta Production service, which is fully functional and has not been impacted. Additionally, the Auth0/CIC case management system is not affected by this incident.”
Affected Okta customers notified
Okta said all affected customers have been notified. As part of normal business operations, Okta Support asks customers to upload an HTTP Archive (HAR) file, which enables troubleshooting by replicating browser activity. HAR files can also contain sensitive data, including cookies and session tokens, which malicious actors can use to impersonate valid users. Okta has worked with affected customers to investigate and has taken measures to protect them, including suspending embedded session tokens. In general, Okta recommends sanitizing all credentials and cookies/session tokens in a HAR file before sharing it.
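The sanitizing step recommended above can be scripted. The following is an added example, not Okta's tooling or code from the original report: it overwrites cookies, authentication headers and token-bearing parameters in a parsed HAR file. The header and parameter name lists and the sample entry are assumptions constructed for illustration.

```python
import copy
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed name lists (not from Okta); extend them for your own applications.
HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization", "x-csrf-token"}
PARAMS = {"token", "access_token", "id_token", "refresh_token", "sessiontoken",
          "code", "password", "client_secret"}
REDACTED = "REDACTED"

def _redact_pairs(pairs, names):
    """Overwrite the value of each HAR name/value pair whose name is sensitive."""
    for pair in pairs or []:
        if pair.get("name", "").lower() in names:
            pair["value"] = REDACTED

def _redact_url(url):
    """HAR stores the query string inside request.url as well as in queryString."""
    parts = urlsplit(url)
    query = [(k, REDACTED if k.lower() in PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def sanitize_har(har):
    """Return a deep copy of a parsed HAR with credentials and tokens overwritten."""
    har = copy.deepcopy(har)
    for entry in har.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            _redact_pairs(msg.get("headers"), HEADERS)
            for cookie in msg.get("cookies") or []:  # parsed copy of the cookie headers
                cookie["value"] = REDACTED
        _redact_pairs(req.get("queryString"), PARAMS)
        if "url" in req:
            req["url"] = _redact_url(req["url"])
        body = req.get("postData") or {}
        _redact_pairs(body.get("params"), PARAMS)
        if "text" in body:  # raw body repeats params and may hold credentials
            body["text"] = REDACTED
    return har

# Constructed sample: one entry with made-up host and token values.
SAMPLE = {"log": {"entries": [{
    "request": {"url": "https://app.example.test/cb?code=abc123&state=xyz",
                "headers": [{"name": "Cookie", "value": "sid=s3cr3t"}],
                "cookies": [{"name": "sid", "value": "s3cr3t"}],
                "queryString": [{"name": "code", "value": "abc123"},
                                {"name": "state", "value": "xyz"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=n3w; HttpOnly"}],
                 "cookies": [{"name": "sid", "value": "n3w"}]}}]}}
```

Response bodies are left untouched here, so a token returned in a JSON response would still need to be removed by hand before the file is uploaded.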