The Okta Security Team has identified an attacker who used stolen credentials to gain access to Okta's support case management system.
How was that possible?
Okta Support asks its customers to upload an HTTP archive (HAR) file during support cases. This file enables troubleshooting by replicating browser activity.
A HAR file can also contain sensitive data, including cookies and session tokens. An attacker can use this sensitive data to authenticate as a legitimate user.
How did Okta respond?
Okta has worked with affected customers to investigate the issue and has taken steps to protect all customers.
In general, Okta recommends removing all credentials and cookies/session tokens from a HAR (HTTP archive) file before sharing it.
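One way to apply this recommendation, shown as an added example rather than Okta's own tooling: a Python function that redacts cookies, authentication headers and token-like parameters from a HAR 1.2 capture. The parameter-name pattern, the REDACTED placeholder and the sample capture are assumptions made for the illustration.

```python
import copy
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
REDACTED = "REDACTED"
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
# Assumed name pattern for secret-bearing parameters; extend it for your own applications.
SENSITIVE_PARAM = re.compile(r"token|secret|passw|session|credential|saml", re.I)

def _redact_pairs(pairs, is_sensitive):
    """Blank the value of each HAR {name, value} pair whose name is sensitive."""
    for pair in pairs or []:
        if is_sensitive(pair.get("name", "")):
            pair["value"] = REDACTED

def _redact_url(url):
    """Redact sensitive query parameters; drop the fragment, which can carry tokens."""
    parts = urlsplit(url)
    query = [(k, REDACTED if SENSITIVE_PARAM.search(k) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query), fragment=""))

def sanitize_har(har):
    """Return a deep copy of a HAR 1.2 document with credentials and session data redacted."""
    har = copy.deepcopy(har)
    for entry in har.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            _redact_pairs(msg.get("headers"), lambda n: n.lower() in SENSITIVE_HEADERS)
            _redact_pairs(msg.get("cookies"), lambda n: True)  # every cookie value
        _redact_pairs(req.get("queryString"), SENSITIVE_PARAM.search)
        req["url"] = _redact_url(req.get("url", ""))
        post = req.get("postData") or {}
        _redact_pairs(post.get("params"), SENSITIVE_PARAM.search)
        if post.get("text"):
            post["text"] = REDACTED  # raw bodies often hold passwords or tokens
        content = resp.get("content") or {}
        if content.get("text"):
            content["text"] = REDACTED  # conservative: bodies can echo tokens
    return har

# Constructed sample capture (not real data): one request carrying a session cookie.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {"url": "https://app.example.com/home?sessionToken=abc123&tab=1",
                "headers": [{"name": "Cookie", "value": "sid=s3cr3t"},
                            {"name": "Accept", "value": "text/html"}],
                "cookies": [{"name": "sid", "value": "s3cr3t"}],
                "queryString": [{"name": "sessionToken", "value": "abc123"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=n3w; HttpOnly"}],
                 "content": {"text": "<html>hi</html>"}}}]}}
```

Review the output before sharing it: secrets carried in custom headers or in parameters with unusual names fall outside the assumed pattern.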
The Okta incident highlights the risks of handling sensitive data, even in seemingly secure environments. Okta took corrective actions and advises caution when sharing files containing sensitive information. This serves as a crucial reminder for organizations to constantly review and update their cybersecurity measures.