Article 6FR9B Okta says hackers breached its support system and viewed customer files

Okta says hackers breached its support system and viewed customer files

by
Dan Goodin
from Ars Technica - All content on (#6FR9B)
data-breach-800x435.jpeg

Enlarge (credit: Getty Images)

Identity and authentication management provider Okta said hackers managed to view private customer information after gaining access to credentials to its customer support management system.

The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases," Okta Chief Security Officer David Bradbury said Friday. He suggested those files comprised HTTP archive, or HAR, files, which company support personnel use to replicate customer browser activity during troubleshooting sessions.

HAR files can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users," Bradbury wrote. Okta has worked with impacted customers to investigate, and has taken measures to protect our customers, including the revocation of embedded session tokens. In general, Okta recommends sanitizing all credentials and cookies/session tokens within a HAR file before sharing it."

Read 7 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments