Three key lessons from unauthorized access to Okta’s support system
Okta recently reported that unknown attackers used stolen credentials to access its customer case management system. The attackers were able to access HAR files containing sensitive data such as credentials, cookie IDs or session tokens. Okta claims about 1% of customers are potentially affected by the incident and has provided Indicators of Compromise for customers to check against their logs. The incident highlights the level of trust organizations place in third-party providers and the dangers that can result from compromised vendors. The three lessons to take away from this attack are: never share an unsanitized HAR file, protecting your production app isn't enough, and identity is the weakest link in security.
Company: Veza
Date published: Oct. 27, 2023
Author(s): Kale Bogdanovs
Word count: 906
Hacker News points: None found.
Language: English