Okta’s Security Breach Puts Businesses on Alert
Okta, a purveyor of identity tools such as multifactor authentication and single sign-on for countless enterprises, grappled with a security breach in its customer support division. According to a disclosure by KrebsOnSecurity, the incident impacted an ‘exceptionally small subset’ of clientele. Yet, it seems malefactors had unhindered access to Okta’s support platform for at least a fortnight before the firm could completely mitigate the ramifications of the intrusion.
In an advisory dispatched to clients on October 19th, Okta unveiled that it discerned malevolent activity leveraging stolen credentials to access Okta’s support ticket management system. The intruder was able to peruse files uploaded by certain Okta clients as part of their recent support engagements.
When Okta addresses client concerns, it frequently solicits browser session logs. Such records bear sensitivity as they encompass client cookies and session tokens, which malefactors might exploit to impersonate legitimate users.
BeyondTrust, an Okta client, received such a notification. Marc Maiffret, Chief Technical Officer of BeyondTrust, noted that the advisory arrived more than two weeks after his firm alerted Okta to a potential vulnerability.
In an interview with KrebsOnSecurity, Charlotte Wylie, Okta’s Deputy Chief Information Security Officer, conveyed that the company initially surmised that BeyondTrust’s October 2nd alert was not symptomatic of a breach within their systems. However, by October 17th, the enterprise had pinpointed and contained the incident.
Okta’s disclosure materialized shortly after breaches were reported at Caesars Entertainment and MGM Resorts. In both episodes, adversaries persuaded employees to bypass multifactor authentication for Okta’s administrator accounts.
In March 2022, Okta divulged a security breach orchestrated by the hacker collective LAPSUS$. Wylie demurred from speculating on the duration of the infiltrator’s access or potential culprits. However, she intimated familiarity with the adversary from past confrontations.
Okta released a post-mortem on the incident, incorporating certain ‘indicators of compromise’ for clients to discern any potential impact. Yet, the firm underscored that ‘all affected clientele had been duly informed’.
BeyondTrust chronicled their findings in a subsequent blog post.