Okta recently reported that unknown attackers used stolen credentials to access its customer case management system. The attackers were able to access HAR files containing sensitive data such as credentials, cookie IDs or session tokens. Okta claims about 1% of customers are potentially affected by the incident and has provided Indicators of Compromise for customers to check against their logs. The incident highlights the level of trust organizations place in third-party providers and the dangers that can result from compromised vendors. Three lessons to take away from this attack: never share an unsanitized HAR file, protecting your production app isn't enough, and identity is the weakest link in security.
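To illustrate the first lesson, the following added example (not code from Okta or from the original page) strips credentials, cookies and session tokens from a HAR file before it is shared. The header set, the parameter-name hint list, and the sample HAR are assumptions constructed for the example.

```python
import copy
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "REDACTED"
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
# Assumed hint list: parameter names containing one of these are treated as secrets.
PARAM_HINTS = ("token", "password", "secret", "session", "sid", "code", "saml")

def is_secret_param(name):
    return any(hint in name.lower() for hint in PARAM_HINTS)

def scrub_pairs(pairs, is_secret):
    """Redact values in a HAR name/value list in place."""
    for pair in pairs or []:
        if is_secret(pair.get("name", "")):
            pair["value"] = REDACTED

def scrub_url(url):
    """Redact secret query parameters in a URL and drop its fragment."""
    parts = urlsplit(url)
    query = [(k, REDACTED if is_secret_param(k) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), ""))

def sanitize_har(har):
    """Return a sanitized deep copy; the input HAR is left unchanged."""
    clean = copy.deepcopy(har)
    for entry in clean.get("log", {}).get("entries", []):
        request, response = entry.get("request", {}), entry.get("response", {})
        for message in (request, response):
            scrub_pairs(message.get("headers"), lambda n: n.lower() in SENSITIVE_HEADERS)
            scrub_pairs(message.get("cookies"), lambda n: True)  # every cookie value
        scrub_pairs(request.get("queryString"), is_secret_param)
        if "url" in request:
            request["url"] = scrub_url(request["url"])
        # Bodies can embed tokens in JSON or form fields, so replace them whole.
        for body in filter(None, (request.get("postData"), response.get("content"))):
            scrub_pairs(body.get("params"), is_secret_param)
            if body.get("text"):
                body["text"] = REDACTED
    return clean

# Constructed sample entry, shaped like a browser HAR export.
SAMPLE_HAR = {"log": {"entries": [{
    "request": {"url": "https://app.example.test/cb?code=abc123&lang=en",
                "headers": [{"name": "Cookie", "value": "sid=deadbeef"}],
                "cookies": [{"name": "sid", "value": "deadbeef"}],
                "queryString": [{"name": "code", "value": "abc123"}, {"name": "lang", "value": "en"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=cafe01"}],
                 "content": {"text": '{"access_token": "xyz789"}'}}}]}}
```

Review the output by hand before sharing it: headers such as Referer or Location, and custom application headers, can also carry tokens and are not covered here.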