Identity and access management tech firm Okta on Friday warned that hackers broke into its support case management system and stole sensitive data that can be used to impersonate valid users. In the normal course of business, Okta support will ask customers to upload an HTTP Archive (HAR) file, which allows for troubleshooting of issues by replicating browser activity. Okta has worked with impacted customers to investigate, and has taken measures to protect its customers, including the revocation of embedded session tokens. In general, Okta recommends sanitizing all credentials and cookies/session tokens within a HAR file before sharing it. Okta has found itself in the crosshairs of multiple hacking groups that target its infrastructure to break into third-party organizations.
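One way to apply that sanitization recommendation before a HAR file leaves your machine, added here as an example (it is not Okta's tooling or code from the article). The sensitive-name pattern and the sample entry are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

REDACTED = "REDACTED"
# Assumption: header/parameter names treated as secret-bearing. Over-matching is
# acceptable here; extend the pattern for your own applications.
SENSITIVE = re.compile(r"auth|cookie|token|session|sid|passw|secret|code|key|saml", re.I)

def _scrub_pairs(pairs, always=False):
    """Redact values in a HAR name/value list; return the number redacted."""
    hits = 0
    for p in pairs or []:
        if always or SENSITIVE.search(p.get("name", "")):
            p["value"], hits = REDACTED, hits + 1
    return hits

def _scrub_text(obj):
    """Blank a raw body, which may carry passwords or echoed tokens."""
    if obj and "text" in obj:
        obj["text"] = REDACTED
        return 1
    return 0

def _scrub_url(url):
    parts = urlsplit(url)
    query = [(k, REDACTED if SENSITIVE.search(k) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def sanitize_har(har):
    """Redact credentials, cookies and session tokens in place; return the count."""
    hits = 0
    for entry in har.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            hits += _scrub_pairs(msg.get("headers"))
            hits += _scrub_pairs(msg.get("cookies"), always=True)
        hits += _scrub_pairs(req.get("queryString"))
        req["url"] = _scrub_url(req.get("url", ""))
        hits += _scrub_pairs((req.get("postData") or {}).get("params"))
        hits += _scrub_text(req.get("postData")) + _scrub_text(resp.get("content"))
    return hits

# Constructed sample entry (not from a real capture).
SAMPLE = {"log": {"entries": [{
    "request": {"url": "https://example.test/app?session_token=abc123&page=2",
                "headers": [{"name": "Cookie", "value": "sid=abc123"}],
                "cookies": [{"name": "sid", "value": "abc123"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=def456"}],
                 "content": {"text": "<html>def456</html>"}}}]}}
```

Values of `Referer` and `Location` headers can embed the same query parameters and are not rewritten here, so search the output for known token values before sharing it.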
Read more: https://www.securityweek.com/okta-support-system-hacked-sensitive-customer-data-stolen/