【】
Okta, the San Francisco-based identity and access management company, reported a security breach on Friday. Hackers gained access to private customer information through its customer support management system.
In a site-wide announcement, Okta Chief Security Officer David Bradbury revealed that hackers viewed content uploaded by some Okta customers related to recent support cases. These files, known as HTTP archive (HAR) files, help support personnel replicate customer browser activity for troubleshooting.
SEE ALSO:23andMe may have suffered yet another breach – your data is in jeopardy"HAR files can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users," Bradbury said.
Bradbury did not disclose how the credentials were stolen nor if two-factor authentication was in place for the compromised support system. To mitigate the damage, Okta revoked embedded session tokens and advised customers to sanitize credentials within HAR files before sharing.
According to Arstechnica, the initial hack was stopped by security firm BeyondTrust, which alerted Okta to suspicious activity about a month ago. However, due to some flaws within Okta's security model, some actions were still carried out by malicious actors.
Bradbury confirmed that all affected customers have been informed. He also provided IP addresses and browser user agents associated with the hackers for further investigation. He also added that Okta's main production service and Auth0/CIC case management system remain unaffected.
Okta has had its fair share of hacker troubles lately. In March 2022, a group called Lapsus$ accessed an Okta admin panel, allowing them to reset customer passwords and authentication credentials. In December of that same year, Okta's source code was stolen from a GitHub account.
TopicsCybersecurity
相关文章
Sound the alarms: Simone Biles finally met Zac Efron
Is there anything Simone Biles can't do?The unstoppable gymnast just won her fifth medal of the Rio2024-09-20- 利物浦索要每年8000萬鎊球衣讚助 將成為世界第一_合作_郵報_雙方www.ty42.com 日期:2022-05-02 12:31:00| 評論(已有343205條評論)2024-09-20
- 水慶霞向殘疾人基金會捐款3萬 韓喬生:她不富裕_兒童_中國女足_主教練www.ty42.com 日期:2022-05-02 08:01:00| 評論(已有343140條評論)2024-09-20
- 全看本澤馬 !戰曼城追C羅兩大紀錄 戴帽=曆史封神_比賽_本賽季_歐冠www.ty42.com 日期:2022-05-04 14:31:00| 評論(已有343413條評論)2024-09-20
Tesla's rumored P100D could make Ludicrous mode even more Ludicrous
A Tesla Model S P100D begs the question: What's more Ludicrous than Ludicrous?Right now, the biggest2024-09-20- 波切蒂諾 :對梅西的評價不公平 他與馬拉多納同級_變化_巴薩_賽季www.ty42.com 日期:2022-05-02 13:31:00| 評論(已有343211條評論)2024-09-20
最新评论