Facebook Twitter Linkedin Youtube
hm-network_logo_REGISTERED_white-2
Hacker
Picture of HM NETWORK

HM NETWORK

Attackers steal HAR files from Okta

On October 20, 2023, Okta, a leading provider of identity and access management (IAM) solutions, disclosed that it had suffered a breach of its customer support system. The breach occurred between September 28 and October 17, 2023, and allowed the attacker to access files belonging to 134 of Okta’s 18,400 customers.

The attacker gained access to the system by compromising a service account that was used by Okta’s customer support team. This account had permissions to view and update customer support cases, including the ability to upload and download files.

The attacker used this access to steal HAR files, which are files that contain HTTP archive data. HAR files can contain sensitive information, such as cookies and session tokens, that can be used to impersonate valid users.

 

Okta has confirmed that the attacker used the stolen HAR files to hijack the Okta sessions of five customers.

 

Three of these customers: 1Password, BeyondTrust, and Cloudflare, have publicly disclosed that they were affected.

 

Okta has taken steps to mitigate the impact of the breach, including:

  • Rotating the credentials of all Okta customers and partners
  • Implementing session token binding to prevent the hijacking of Okta sessions
  • Requiring Okta administrators to re-authenticate if their network location changes

They have also recommended that customers take a number of steps to protect themselves, including:

  • Resetting all passwords for accounts that are protected by Okta
  • Implementing multi-factor authentication (MFA) on all accounts
  • Monitoring for suspicious activity on all accounts

 

The Okta breach is a reminder of the importance of cyber-security for all organisations, regardless of size or industry. Organisations should implement strong security measures, such as MFA, to protect their accounts and data.

 

Here are some additional tips for organisations to protect themselves from breaches:

  • Educate employees about cyber-security best practices and phishing scams
  • Keep software and systems up to date
  • Implement security monitoring and incident response plans
  • Have a plan for recovering from a breach

 

By following these tips, your organisation can reduce risk of being affected by a breach.

Follow & Connect

Linkedin Facebook Twitter Instagram Whatsapp Linkedin-in

Contact us

Call 0333 344 4190

or message us below.

Thanks For Your Feedback!