时间:2024-09-20 08:12:55 来源:网络整理编辑:綜合
Okta, the San Francisco-based identity and access management company, reported a security breach on
Okta, the San Francisco-based identity and access management company, reported a security breach on Friday. Hackers gained access to private customer information through its customer support management system.
In a site-wide announcement, Okta Chief Security Officer David Bradbury revealed that hackers viewed content uploaded by some Okta customers related to recent support cases. These files, known as HTTP archive (HAR) files, help support personnel replicate customer browser activity for troubleshooting.
SEE ALSO:23andMe may have suffered yet another breach – your data is in jeopardy"HAR files can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users," Bradbury said.
Bradbury did not disclose how the credentials were stolen nor if two-factor authentication was in place for the compromised support system. To mitigate the damage, Okta revoked embedded session tokens and advised customers to sanitize credentials within HAR files before sharing.
According to Arstechnica, the initial hack was stopped by security firm BeyondTrust, which alerted Okta to suspicious activity about a month ago. However, due to some flaws within Okta's security model, some actions were still carried out by malicious actors.
Bradbury confirmed that all affected customers have been informed. He also provided IP addresses and browser user agents associated with the hackers for further investigation. He also added that Okta's main production service and Auth0/CIC case management system remain unaffected.
Okta has had its fair share of hacker troubles lately. In March 2022, a group called Lapsus$ accessed an Okta admin panel, allowing them to reset customer passwords and authentication credentials. In December of that same year, Okta's source code was stolen from a GitHub account.
TopicsCybersecurity
Fiji wins first2024-09-20 07:57
胡爾克 :熱刺曾對我有意 但在中超太久無法獲得勞工證2024-09-20 07:46
昔日隊友梅方發文祝福張琳芃:Good Luck,好運 !大芃2024-09-20 07:42
本澤馬單季42場42球!老佛爺:沒人能搶走他的金球2024-09-20 07:25
Tributes flow after death of former Singapore president S.R. Nathan2024-09-20 07:21
泰山新外援克雷桑正辦理入境手續 歸隊時間未敲定2024-09-20 07:04
韓國將與巴西阿根廷踢熱身賽 孫興慜過招內馬爾梅西2024-09-20 06:42
球迷不滿姆巴佩沒傳球給梅西 社媒炮轟 :他最自私2024-09-20 06:37
New Zealand designer's photo series celebrates the elegance of aging2024-09-20 06:04
貝爾缺席皇馬奪冠慶祝 西媒痛罵:他故意疏遠隊友2024-09-20 05:31
Olympian celebrates by ordering an intimidating amount of McDonald's2024-09-20 07:55
韓國將與巴西阿根廷踢熱身賽 孫興慜過招內馬爾梅西2024-09-20 07:53
胡爾克:熱刺曾對我有意 但在中超太久無法獲得勞工證2024-09-20 07:31
大連梅州確認將承辦中超首階段賽事 足協正全力爭取日照2024-09-20 07:21
Sound the alarms: Simone Biles finally met Zac Efron2024-09-20 07:11
意大利教父!維尼修斯社媒曬照 安帥戴墨鏡叼雪茄2024-09-20 06:57
廣州隊亞冠遭遇11連敗 進一球目標隻能等奇跡 ?2024-09-20 06:46
廣州隊VS川崎前鋒首發 :楊鑫領銜後防 葉國琛單前鋒2024-09-20 06:18
You can now play 'Solitaire' and 'Tic2024-09-20 05:40
武漢三鎮官宣 :廣州隊4將+國青核心陶強龍加盟2024-09-20 05:37