时间:2025-06-17 11:35:15 来源:网络整理编辑:熱點
Okta, the San Francisco-based identity and access management company, reported a security breach on
Okta, the San Francisco-based identity and access management company, reported a security breach on Friday. Hackers gained access to private customer information through its customer support management system.
In a site-wide announcement, Okta Chief Security Officer David Bradbury revealed that hackers viewed content uploaded by some Okta customers related to recent support cases. These files, known as HTTP archive (HAR) files, help support personnel replicate customer browser activity for troubleshooting.
SEE ALSO:23andMe may have suffered yet another breach – your data is in jeopardy"HAR files can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users," Bradbury said.
Bradbury did not disclose how the credentials were stolen nor if two-factor authentication was in place for the compromised support system. To mitigate the damage, Okta revoked embedded session tokens and advised customers to sanitize credentials within HAR files before sharing.
According to Arstechnica, the initial hack was stopped by security firm BeyondTrust, which alerted Okta to suspicious activity about a month ago. However, due to some flaws within Okta's security model, some actions were still carried out by malicious actors.
Bradbury confirmed that all affected customers have been informed. He also provided IP addresses and browser user agents associated with the hackers for further investigation. He also added that Okta's main production service and Auth0/CIC case management system remain unaffected.
Okta has had its fair share of hacker troubles lately. In March 2022, a group called Lapsus$ accessed an Okta admin panel, allowing them to reset customer passwords and authentication credentials. In December of that same year, Okta's source code was stolen from a GitHub account.
TopicsCybersecurity
One of the most controversial power struggles in media comes to a close2025-06-17 11:17
Apple's M2 MacBook Pro and Mac mini reportedly delayed until 20232025-06-17 11:07
David Tennant is the 14th Doctor Who. See the wildest reactions to 'Power of the Doctor'.2025-06-17 11:01
Wordle today: Here's the answer, hints for December 252025-06-17 10:56
Fyvush Finkel, Emmy winner for 'Picket Fences,' dies at 932025-06-17 10:51
The 10 best movies on Hulu for family movie night in 20222025-06-17 10:49
Wordle today: Here's the answer, hints for December 182025-06-17 10:47
Apple Music is coming to Teslas soon, report claims2025-06-17 09:36
Honda's all2025-06-17 09:34
Activision Blizzard president leaves company to head the Bored Ape Yacht Club2025-06-17 09:08
Michael Phelps says goodbye to the pool with Olympic gold2025-06-17 10:51
England vs Senegal livestream: How to watch World Cup Round of 16 live2025-06-17 10:46
'Quordle' today: See each 'Quordle' answer and hints for December 12025-06-17 10:25
Elon Musk wants to democratize Twitter verification. What does life online look like without it?2025-06-17 10:23
J.K. Rowling makes 'Harry Potter' joke about Olympics event2025-06-17 10:21
South Korea vs Ghana livestream: How to watch FIFA World Cup Group H live2025-06-17 09:49
David Tennant is the 14th Doctor Who. See the wildest reactions to 'Power of the Doctor'.2025-06-17 09:38
'Quordle' today: See each 'Quordle' answer and hints for December 12025-06-17 09:35
The U.S. will no longer have the final say on internet domain names2025-06-17 09:29
It looks like China does have access to U.S. TikTok user data2025-06-17 08:58
