Okta Breach: 134 Customers Exposed in October Support System Hack

Okta says attackers who breached its customer support system last month gained access to files belonging to 134 customers, five of whom were later targeted in session-hijacking attacks carried out with the stolen session tokens. From a report: "From September 28, 2023 to October 17, 2023, a threat actor gained unauthorized access to files inside Okta's customer support system associated with 134 Okta customers, or less than 1% of Okta customers," Okta revealed. "Some of these files were HAR files that contained session tokens which could in turn be used for session hijacking attacks. The threat actor was able to use these session tokens to hijack the legitimate Okta sessions of 5 customers, 3 of whom have shared their own response to this event." The three Okta customers that have already disclosed they were targeted as a result of the October breach are 1Password, BeyondTrust, and Cloudflare. All three notified Okta of suspicious activity after detecting unauthorized attempts to log into their in-house Okta administrator accounts.
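The hijacking described above works because a browser's HAR export records every request and response in full, cookies and Authorization headers included, so a support upload is a copy of the uploader's live session. As an added example (not Okta's code and not from the article), the Python below scans a HAR 1.2 document for credential-bearing fields and produces a redacted copy suitable for sharing. The sample capture, the hostname, the token values and the cookie name `sid` are constructed for the demonstration and are not taken from the incident.

```python
"""Find and redact session credentials in a HAR file before it leaves the machine.

Added example, not Okta's or the article's code. It follows the public HAR 1.2
layout: log.entries[].request/response with headers[], cookies[] and postData.
SAMPLE_HAR, the hostname, the token values and the cookie name "sid" are
constructed for this demonstration.
"""
import json
import re
from copy import deepcopy

# Header names whose whole value is a credential. Cookie entries are treated as
# sensitive regardless of name: a support engineer does not need their values.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization"}
REDACTED = "<redacted>"
# Bearer tokens can also hide in other headers, query strings or posted bodies.
BEARER_RE = re.compile(r"(?i)bearer\s+[A-Za-z0-9._~+/=-]{8,}")

# Constructed sample capture: one authenticated request to an IdP and a
# response that issues a fresh session cookie.
SAMPLE_HAR = {
    "log": {
        "version": "1.2",
        "entries": [
            {
                "request": {
                    "method": "GET",
                    "url": "https://example.okta.com/api/v1/users/me",
                    "headers": [
                        {"name": "Host", "value": "example.okta.com"},
                        {"name": "Cookie", "value": "sid=102SESSIONTOKENxyz; DT=devicetoken"},
                        {"name": "Authorization", "value": "Bearer eyJhbGciOiJSUzI1NiJ9.payload.sig"},
                    ],
                    "cookies": [
                        {"name": "sid", "value": "102SESSIONTOKENxyz"},
                        {"name": "DT", "value": "devicetoken"},
                    ],
                    "postData": {
                        "mimeType": "application/json",
                        "text": '{"token":"Bearer eyJhbGciOiJSUzI1NiJ9.payload.sig"}',
                    },
                },
                "response": {
                    "status": 200,
                    "headers": [
                        {"name": "Set-Cookie", "value": "sid=newSESSIONTOKEN; Secure; HttpOnly"},
                        {"name": "Content-Type", "value": "application/json"},
                    ],
                    "cookies": [{"name": "sid", "value": "newSESSIONTOKEN"}],
                },
            }
        ],
    }
}


def find_credentials(har):
    """Return (entry index, location, field name) for every credential-bearing field."""
    findings = []
    for i, entry in enumerate(har["log"]["entries"]):
        for side in ("request", "response"):
            msg = entry.get(side, {})
            for h in msg.get("headers", []):
                name = h.get("name", "")
                if name.lower() in SENSITIVE_HEADERS or BEARER_RE.search(h.get("value", "")):
                    findings.append((i, f"{side}.headers", name))
            for c in msg.get("cookies", []):
                findings.append((i, f"{side}.cookies", c.get("name", "")))
        body = entry.get("request", {}).get("postData", {}).get("text", "")
        if BEARER_RE.search(body):
            findings.append((i, "request.postData", "bearer"))
    return findings


def redact_har(har):
    """Return (redacted deep copy, number of fields changed); the input is untouched."""
    clean = deepcopy(har)
    changed = 0
    for entry in clean["log"]["entries"]:
        for side in ("request", "response"):
            msg = entry.get(side, {})
            for h in msg.get("headers", []):
                if h.get("name", "").lower() in SENSITIVE_HEADERS:
                    h["value"] = REDACTED
                    changed += 1
                elif BEARER_RE.search(h.get("value", "")):
                    h["value"] = BEARER_RE.sub("Bearer " + REDACTED, h["value"])
                    changed += 1
            for c in msg.get("cookies", []):
                c["value"] = REDACTED
                changed += 1
        post = entry.get("request", {}).get("postData")
        if post and BEARER_RE.search(post.get("text", "")):
            post["text"] = BEARER_RE.sub("Bearer " + REDACTED, post["text"])
            changed += 1
    return clean, changed


def leaked_secrets(har, secrets):
    """Which of the given secret strings still appear anywhere in the serialized HAR."""
    blob = json.dumps(har)
    return [s for s in secrets if s in blob]


if __name__ == "__main__":
    for hit in find_credentials(SAMPLE_HAR):
        print("credential at entry %d %s: %s" % hit)
    redacted, n = redact_har(SAMPLE_HAR)
    print(f"redacted {n} fields; leaks left: {leaked_secrets(redacted, ['102SESSIONTOKENxyz'])}")
```

Redaction only limits the blast radius of a file that has already been captured. The complementary control on the identity-provider side is to bind or shorten sessions so that a token lifted from a HAR is worthless by the time an attacker replays it, and to alert on admin sessions that appear from a new device or network.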
  • by BigFire ( 13822 ) on Friday November 03, 2023 @11:54AM (#63977144)

    What could possibly go wrong?

    • by Midnight_Falcon ( 2432802 ) on Friday November 03, 2023 @12:10PM (#63977192)
      Probably far less than if you let all your users self manage passwords and MFA across dozens of SaaS services...or even manage your own ADFS IdP. What's harder, finding reused passwords in dumpz and SIM swapping or hacking Okta support or the platform itself? Unfortunately there are no news articles for the daily breaches that occur because of the lack of centralized authentication policy to SaaS services.
    • Even apart from the many-eggs-in-one-basket factor, Okta in particular has been a long-running trainwreck for ages now. I think the only reason companies stick with them is because the arrangement looks really good on paper from a compliance/box-check software auditing perspective.

      Not the first time security got an effective downgrade through a switch to a proprietary commercial solution for that reason, won't be the last...

      • I think "long-running trainwreck" is hyperbolic, to be generous...they've had a couple of high-profile incidents that didn't result in significant breaches or even any consequences for most customers. Other incidents were simply because the customer used Okta and some IT person was social engineered...not Okta's fault; if they used ADFS, Ping Identity or anything else, that same attack vector would work. It's also not just for the compliance..it's really hard to secure authentication to SaaS applications wit
    • What could possibly go wrong?

      Yes, because having everyone roll their own auth is a good idea. /s

  • by awwshit ( 6214476 ) on Friday November 03, 2023 @02:50PM (#63977710)

    Okta sales was so aggressive that I ended up blocking them both in email and in the phone system. Apparently, they'd like to force me to take their product. Fuck Okta, what a joke of a company. I hope they get everything they deserve.

    • Really? Because I just led the trial of Okta for my company, and the rep, Rico, was very nice and not pushy. I mean, he's sales, so yes, he's going to attempt to close the deal. But you can't fault him for that. I never felt pressured, unlike with the Ping reps.
      • I'm not looking for a Single Sign-On solution. I'd rather administer n different systems and make my users have n different credentials for n different systems, while offering a locally hosted password manager. The only cloud service that has not been hacked has not been hacked yet. I'll take my chances on prem and do my best to do my homework, I'll have someone I don't know check my work. Sorry Rico, you cannot help me.

  • by Sea Polyp ( 413490 ) on Friday November 03, 2023 @03:06PM (#63977754) Homepage

    If you're going to let a third party (AWS, Google, Azure) host your infrastructure, you might as well let a third party (Okta) handle your authentication and authorisation.
    That way, when your systems are compromised you can blame Someone Else, and that's really all any company wants: To abdicate responsibility for their actions.

  • ...all their customers.
  • by sdinfoserv ( 1793266 ) on Friday November 03, 2023 @03:48PM (#63977892)
    Already posted on /. https://it.slashdot.org/story/... [slashdot.org]
    This is OKTA's 3rd breach in less than 2 years.
    https://techcrunch.com/2022/03... 2022 breach 2: https://techcrunch.com/2022/12 [techcrunch.com]... OKTA's mission is to provide security authorization. Clearly they have utterly and completely failed their mission and continue to fail in shoring up their security infrastructure. They need to be dumped as a vendor.
