59
submitted 1 year ago by L4s@lemmy.world to c/technology@lemmy.world

Okta says hackers breached its support system and viewed customer files::Hackers obtained valid credentials, but Okta doesn't say how.

top 1 comments
sorted by: hot top controversial new old
[-] autotldr@lemmings.world 1 points 1 year ago

This is the best summary I could come up with:


“HAR files can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users,” Bradbury wrote.

The CSO also didn't say whether access to the compromised support system was protected by two-factor authentication, which best practices call for.

BeyondTrust’s access policy controls stopped the attacker’s “initial activity, but limitations in Okta’s security model allowed them to perform a few confined actions,” the company said without elaborating.

The initial incident response indicated a possible compromise at Okta of either someone on their support team or someone in position to access customer support-related data.

In December 2022, hackers stole Okta source code stored in a company account on GitHub.

Friday’s post contains IP addresses and browser user agents used by the threat actors that others can use to indicate if they have also been affected.


The original article contains 431 words, the summary contains 140 words. Saved 68%. I'm a bot and I'm open source!

this post was submitted on 22 Oct 2023
59 points (96.8% liked)

Technology

59436 readers
1369 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS