CyberSecurity SEE

Okta reveals a data breach.

Identity and access management company Okta recently revealed a data breach that has impacted some of its customers. The breach involved the exposure of data in the company’s support case management system. Okta clarified that this support system is separate from its production service, which remains unaffected by the incident. Additionally, the breach did not affect the Auth0/CIC case management system.

The breach was discovered by BeyondTrust, who stated that it resulted from a compromise of Okta’s support system. This allowed an attacker to access sensitive files uploaded by Okta customers. BeyondTrust’s security teams detected the attacker attempting to access an in-house Okta administrator account using a valid session cookie stolen from the support system. While custom policy controls initially blocked the attacker, certain limitations in Okta’s security model enabled them to perform a limited number of actions.

According to KrebsOnSecurity, the hackers responsible for the breach had access to Okta’s support platform for around two weeks before the company fully contained the intrusion. This highlights the sophistication and persistence of the attackers.

In response to the breach, Rahul Pawar, Global Vice President, Security GTM & CTO, GSS at Commvault, emphasized the importance of strong password management and multifactor authentication (MFA). He highlighted that organizations should implement a multi-layered cybersecurity and cyber resilience program to protect themselves from such attacks and reduce the risk of compromise.

Pawar provided several recommendations for organizations that use Okta to safeguard their data. Firstly, all users should be required to use strong passwords and enable MFA. This applies to both regular accounts and administrative accounts. Monitoring Okta logs for suspicious activity and adopting a zero-trust security model can further mitigate the risk of compromise, even if an attacker gains access to a user’s credentials.
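The log-monitoring recommendation above maps directly onto the BeyondTrust detection described earlier: a valid session cookie replayed by an attacker shows up as one Okta session identifier suddenly arriving from a different IP address and user agent. The following is an added example, not code from the article, Okta or Commvault. It groups Okta System Log events by `authenticationContext.externalSessionId` and reports any session seen from more than one client fingerprint. The field names follow the Okta System Log schema as I know it; the events themselves are constructed sample data, and the pretty-printed report format is my own.

```python
"""Flag Okta sessions observed from more than one client fingerprint.

Added example (not from the article). A stolen session cookie replayed
from the attacker's machine yields the same externalSessionId with a new
(ipAddress, userAgent) pair, which is what this check surfaces.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

Fingerprint = Tuple[str, str]  # (client IP address, raw user agent)

# Constructed sample events in the shape of Okta System Log entries.
# Session "sess-A" is started from a corporate workstation and then
# reused from an unrelated address with a scripted client.
SAMPLE_EVENTS: List[dict] = [
    {"published": "2023-10-02T13:01:00.000Z", "eventType": "user.session.start",
     "actor": {"alternateId": "admin@example.com"},
     "client": {"ipAddress": "203.0.113.10",
                "userAgent": {"rawUserAgent": "Mozilla/5.0 (Windows NT 10.0) Chrome/118"}},
     "authenticationContext": {"externalSessionId": "sess-A"}},
    {"published": "2023-10-02T13:02:10.000Z", "eventType": "user.authentication.sso",
     "actor": {"alternateId": "admin@example.com"},
     "client": {"ipAddress": "203.0.113.10",
                "userAgent": {"rawUserAgent": "Mozilla/5.0 (Windows NT 10.0) Chrome/118"}},
     "authenticationContext": {"externalSessionId": "sess-A"}},
    {"published": "2023-10-02T14:45:33.000Z", "eventType": "user.session.access_admin_app",
     "actor": {"alternateId": "admin@example.com"},
     "client": {"ipAddress": "198.51.100.77",
                "userAgent": {"rawUserAgent": "curl/8.0.1"}},
     "authenticationContext": {"externalSessionId": "sess-A"}},
    {"published": "2023-10-02T13:05:00.000Z", "eventType": "user.session.start",
     "actor": {"alternateId": "alice@example.com"},
     "client": {"ipAddress": "192.0.2.5",
                "userAgent": {"rawUserAgent": "Mozilla/5.0 (Macintosh) Safari/605"}},
     "authenticationContext": {"externalSessionId": "sess-B"}},
    {"published": "2023-10-02T13:06:00.000Z", "eventType": "user.authentication.sso",
     "actor": {"alternateId": "alice@example.com"},
     "client": {"ipAddress": "192.0.2.5",
                "userAgent": {"rawUserAgent": "Mozilla/5.0 (Macintosh) Safari/605"}},
     "authenticationContext": {"externalSessionId": "sess-B"}},
    # Event without a session id (e.g. a system-generated event): skipped.
    {"published": "2023-10-02T13:07:00.000Z", "eventType": "system.api_token.create",
     "actor": {"alternateId": "okta-system"}, "client": {}, "authenticationContext": {}},
]


def fingerprint(event: dict) -> Fingerprint:
    """Return the (ip, user agent) pair for an event, tolerating missing fields."""
    client = event.get("client") or {}
    ua = (client.get("userAgent") or {}).get("rawUserAgent", "")
    return (client.get("ipAddress", ""), ua)


def find_session_anomalies(events: List[dict]) -> Dict[str, dict]:
    """Map each session id seen from >1 fingerprint to its actor and observations.

    Each observation is (published, eventType, fingerprint), kept in time order
    so an analyst can see where the session changed hands.
    """
    by_session: Dict[str, List[Tuple[str, str, Fingerprint]]] = defaultdict(list)
    actors: Dict[str, str] = {}
    for ev in sorted(events, key=lambda e: e.get("published", "")):
        sid = (ev.get("authenticationContext") or {}).get("externalSessionId")
        if not sid:
            continue  # no session to correlate on
        by_session[sid].append((ev.get("published", ""), ev.get("eventType", ""), fingerprint(ev)))
        actors.setdefault(sid, (ev.get("actor") or {}).get("alternateId", "?"))

    anomalies: Dict[str, dict] = {}
    for sid, obs in by_session.items():
        distinct = {fp for _, _, fp in obs}
        if len(distinct) > 1:
            anomalies[sid] = {"actor": actors[sid], "fingerprints": sorted(distinct), "events": obs}
    return anomalies


def render_report(anomalies: Dict[str, dict]) -> List[str]:
    """Format anomalies as one line per observation (format is this example's own)."""
    lines = []
    for sid, info in anomalies.items():
        lines.append(f"session {sid} ({info['actor']}) seen from {len(info['fingerprints'])} fingerprints:")
        for published, event_type, (ip, ua) in info["events"]:
            lines.append(f"  {published} {event_type:<32} {ip:<15} {ua}")
    return lines


if __name__ == "__main__":
    print("\n".join(render_report(find_session_anomalies(SAMPLE_EVENTS))))
```

In practice the events would come from the System Log API or a SIEM export rather than an inline list; the correlation key and the "more than one fingerprint per session" rule stay the same. Sessions that legitimately roam (VPN changes, mobile networks) will produce noise, so pairing the alert with the event type, as the report does, helps prioritize administrator-app access over ordinary SSO traffic.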

Additionally, organizations should consider rotating all Okta credentials and updating the passwords for any other accounts linked to Okta, such as email and cloud storage accounts. Security awareness training for employees, focusing on identifying and avoiding phishing attacks, is also crucial in fortifying an organization’s defenses.

While Okta has stated that there is no evidence of customer data being affected by the breach, organizations are advised to take the necessary precautions to protect themselves from potential harm. As the threat landscape continues to evolve, companies must remain vigilant and prioritize robust security measures to safeguard their sensitive information.
