OKTA, which provides identification tools, such as multiple authentication and a single entrance for thousands of businesses, was faced with a violation of the security of its customer support department. According to information from krebsonsecurity, the incident affected “a very few “Clients. However, it seems that the attackers had access to the OKTA support platform for at least two weeks before the company completely eliminated the consequences of the invasion.
The Council sent to customers on October 19, OkTA reported that she had discovered hostile activity using access to stolen accounting data to enter the circulation management system in OKTA support. The attacker was able to view the files downloaded by some OKTA customers as part of recent calls in support.
When Okta solves problems with clients, she often asks to provide a record of a web browser session. These files are sensitive, as they include cuckoo and tokens of the client’s session, which violators can use to simulate real users.
Beyondtrust, one of the OKTA customers, received a notification from OKTA. Mark MEFRET, Chief Technical Director of BeyNDTRUST, emphasized that the notification came more than two weeks after his company warned OKTA about a possible problem.
In an interview with KrebsonSecurity, OKTA’s main information security officer Charlotte Wiley said that the company initially believed that the warning from Beondtrust was not the result of a violation in its systems. However, by October 17, the company determined and localized the incident.
The disclosure of information from OKTA occurred shortly after the Caesar’s Entertainment and MGM Resorts casinos were hacked. In both cases, attackers were able to convince employees to reset the requirements of multiple entrance for accounts of the administrator OKTA.
In March 2022, OKTA revealed information about safety violations from the hacker group Lapsus $. Wiley refused to answer questions about