
Okta says its support system was breached using stolen credentials


Jasper_The_Rasper
Moderator

October 20, 2023 By Sergiu Gatlan


Okta says attackers accessed files containing cookies and session tokens uploaded by customers to its support management system after breaching it using stolen credentials.

"The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases," said Okta's Chief Security Officer David Bradbury.

"It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted."

Okta's CSO added that this incident did not impact the Auth0/CIC case management system. Okta notified all customers whose Okta environment or support tickets were impacted by the incident. Those who haven't received an alert are not affected.

 

>> Full Article <<

3 replies

TripleHelix
Moderator
  • Moderator
  • 8924 replies
  • October 20, 2023

Okta shares fall 11% after company says client files were accessed by hackers via its support system

 

Shares of cybersecurity firm Okta closed down 11.5% after the company said an unidentified hacking group had accessed files that “certain Okta customers” had uploaded to Okta’s support system.

Okta said the hackers were able to access the system using a stolen credential. Okta’s customer offerings, including its production service, were not impacted and are fully operational, the company said.

 

Some of the largest companies in the world use Okta to streamline their login and identity management systems, including FedEx and Zoom, according to the company.

That makes Okta a high-value target for threat actors, who in a worst-case scenario could hypothetically gain access to dozens of other companies if successful in breaching Okta’s defenses. The breach disclosed Friday does not impact client systems, just a support platform Okta uses to help its clients diagnose issues.

“We have notified impacted customers and taken measures to protect all our customers,” the company said.

 

https://www.cnbc.com/2023/10/20/okta-shares-fall-after-company-says-client-files-were-accessed-by-hackers-via-its-support-system.html


TripleHelix
Moderator
  • Moderator
  • 8924 replies
  • October 20, 2023

Hackers Stole Access Tokens from Okta’s Support Unit

 

Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a “very small number” of customers, however it appears the hackers responsible had access to Okta’s support platform for at least two weeks before the company fully contained the intrusion.

In an advisory sent to an undisclosed number of customers on Oct. 19, Okta said it “has identified adversarial activity that leveraged access to a stolen credential to access Okta’s support case management system. The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases.”

Okta explained that when it is troubleshooting issues with customers it will often ask for a recording of a Web browser session (a.k.a. an HTTP Archive or HAR file). These are sensitive files because in this case they include the customer’s cookies and session tokens, which intruders can then use to impersonate valid users.

“Okta has worked with impacted customers to investigate, and has taken measures to protect our customers, including the revocation of embedded session tokens,” their notice continued. “In general, Okta recommends sanitizing all credentials and cookies/session tokens within a HAR file before sharing it.”

The security firm BeyondTrust is among the Okta customers who received Thursday’s alert from Okta. BeyondTrust Chief Technology Officer Marc Maiffret said that alert came more than two weeks after his company alerted Okta to a potential problem.

 

https://krebsonsecurity.com/2023/10/hackers-stole-access-tokens-from-oktas-support-unit/
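
Okta's recommendation quoted above, to sanitize credentials and cookies/session tokens in a HAR file before sharing it, shown as an added example that is not part of the original post and is not Okta's own tooling. The field names follow the HAR 1.2 format; the deny-lists, function names and sample capture are assumptions constructed for illustration.

```python
import copy
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed deny-lists (not Okta's); extend them for your own applications.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
SENSITIVE_PARAMS = {"access_token", "id_token", "refresh_token", "code", "password"}
REDACTED = "REDACTED"

def _scrub_pairs(pairs, names=None):
    """Blank values of HAR name/value pairs; names=None means every pair."""
    hits = [p for p in pairs or []
            if names is None or p.get("name", "").lower() in names]
    for pair in hits:
        pair["value"] = REDACTED
    return len(hits)

def _scrub_url(url):
    """Redact sensitive query parameters embedded in the request URL itself."""
    parts = urlsplit(url)
    query = [(k, REDACTED if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def sanitize_har(har):
    """Return (sanitized deep copy, count of redacted header/cookie/param/body fields)."""
    har, count = copy.deepcopy(har), 0
    for entry in har.get("log", {}).get("entries", []):
        request = entry.get("request", {})
        request["url"] = _scrub_url(request.get("url", ""))
        for msg in (request, entry.get("response", {})):
            count += _scrub_pairs(msg.get("headers"), SENSITIVE_HEADERS)
            count += _scrub_pairs(msg.get("queryString"), SENSITIVE_PARAMS)
            count += _scrub_pairs(msg.get("cookies"))  # every cookie value
            for body in filter(None, (msg.get("postData"), msg.get("content"))):
                count += _scrub_pairs(body.get("params"), SENSITIVE_PARAMS)
                if body.get("text"):  # free-form bodies are dropped whole
                    body["text"] = REDACTED
                    count += 1
    return har, count

# Constructed sample capture (not data from the incident).
SAMPLE_HAR = {"log": {"entries": [{
    "request": {"url": "https://app.example.test/cb?code=abc123&state=xyz",
                "headers": [{"name": "Cookie", "value": "sid=SECRET-SESSION"},
                            {"name": "Accept", "value": "*/*"}],
                "cookies": [{"name": "sid", "value": "SECRET-SESSION"}],
                "queryString": [{"name": "code", "value": "abc123"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=NEW-SECRET"}],
                 "content": {"text": '{"sessionToken": "SECRET"}'}}}]}}
```

A deny-list cannot know application-specific token names, so the sanitized file should still be reviewed before it is attached to a support case.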


TripleHelix
Moderator
  • Moderator
  • 8924 replies
  • November 30, 2023

Okta says hackers stole data for all customer support users in cyber breach

 

November 29, 2023 4:39 PM EST

 

Nov 28 (Reuters) - Okta (OKTA.O) said on Tuesday that hackers stole information on all users of its customer support system in a network breach two months ago.

The San Francisco-based company notified customers that it has determined hackers downloaded a report containing data including names and email addresses of all clients that use its customer support system, the company said in an emailed statement to Reuters.

Okta's shares slumped in October after the company said that the breach allowed some hackers to view files uploaded by certain clients.

 

Full Article

