Okta blames employee for hack

Share post:

Okta is blaming a recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop, exposing credentials that led to the theft of data from multiple Okta customers.

In a brief post-mortem, Okta security chief David Bradbury said the internal lapse was the “most likely avenue” for the breach that affected hundreds of Okta customers, including cybersecurity companies BeyondTrust and Cloudflare.

The threat actor gained unauthorized access to files inside Okta’s customer support system from September 28 to October 17, 2023. Some of these files contained session tokens that could be used for session hijacking attacks.

Bradbury said the threat actor was able to hijack the legitimate Okta sessions of five customers. The hackers leveraged a service account stored in the system itself that was granted permissions to view and update customer support cases.

Bradbury said the most likely avenue for exposure of this credential is the compromise of the employee’s personal Google account or personal device.

The employee had signed in to their personal Google profile on the Chrome browser of their Okta-managed laptop. The username and password of the service account had been saved into the employee’s personal Google account.

Bradbury admitted to a failure of internal controls to spot the breach.

The sources for this piece include an article in SecurityWeek.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Russian threat actor expanding its target list, warns Five Eyes report

APT29 is increasingly going after cloud services in mo

Canada’s privacy watchdog investigating hack at Global Affairs

Inquiry will look into adequacy of data safeguards at the federal

Sidebar: The powerful Digital Safety Commission

A look at the powers of the proposed five-person body charged with overseeing the Online

Cyber attack on Hamilton knocks out municipal phone, email

One of Ontario’s biggest cities is in the second day of dealing with a cyber attack. Hamilton, a municipality of about 570,000 on the shore of Lake Ontario, said Sunday it had suffered a city-wide phone and email “disruption” to municipal and public library services, which included the Bus Check Info Line and the HSRNow

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways