Okta Justifies Two-Week Response Time Amid Identity Token Theft, Confirms Impact on 134 Customers

    Recently, Okta took action to resolve a security breach impacting 134 customers, including leading internet security companies. Unauthorized individuals accessed files in Okta’s customer support system from September 28 to October 17. Okta had previously announced on October 20 that cybercriminals had accessed customer files using stolen Okta credentials.

    The Nature of the Compromised Data

    Okta’s investigation revealed that the attackers had accessed HTTP Archive (HAR) files. These files hold session tokens which attackers could use for session hijacking. Notably, threat actors hijacked legitimate Okta sessions belonging to 1Password, BeyondTrust, and Cloudflare. All three companies had independently reported these breaches.

    Tracing the Source of the Breach

    Okta identified the source of the attack as a service account within its customer support system. An Okta employee had logged into their personal Google account on a company-managed laptop, inadvertently saving the service account’s credentials. It’s suspected that a compromise of the employee’s personal Google account or device led to the security breach.

    Timeline of Okta’s Response

    1Password contacted Okta about the breach on September 29, but Okta did not disable the compromised account until October 17. BeyondTrust reported a similar issue on October 2. Cloudflare later criticised Okta for the delay in action, stressing the importance of swift and transparent responses to such breaches.

    Okta’s Investigation and Actions

    Okta’s Chief Security Officer, David Bradbury, stated that the company began an immediate investigation after 1Password’s alert, considering malware or phishing as potential causes. Collaborating with 1Password and BeyondTrust was crucial to fully understanding the nature of the breach.

    Improving Security Measures

    Okta acknowledged that it initially failed to spot the suspicious activity in its logs, focusing instead on support case access. The hacker had navigated the system in a manner that generated different log events. In response, Okta has since improved its logging practices to prevent similar incidents.

    Past Challenges and Current Notifications

    Okta has previously faced criticism for its handling of data breaches. In this instance, the CSO has publicly apologised, and the company has informed all affected customers of the security issue.
