Disclosures:
Professional Reviews

The reviews found on GuideHaven consist of evaluations conducted by community reviewers. These assessments take into account the reviewers’ unbiased and knowledgeable analysis of the products and services being reviewed.

Ownership

GuideHaven is a leading cybersecurity review website with a team of experts experienced in testing and evaluating VPNs, antiviruses, password managers, parental controls, and software tools. Our reviews are available in 29 languages, making them accessible to a broad audience since 2018. To further support our readers in their pursuit of online security, we’ve partnered with Kape Technologies PLC, which owns popular products like ExpressVPN, CyberGhost, ZenMate, Private Internet Access, and Intego, all of which may be reviewed on our website.

Affiliate Commissions

GuideHaven contains reviews that follow the strict reviewing standards, including ethical standards, that we have adopted. Such standards require that each review will take into consideration the independent, honest, and professional examination of the reviewer. That being said, we may earn a commission when a user completes an action using our links, at no additional cost to them. On listicle pages, we rank vendors based on a system that prioritizes the reviewer’s examination of each service, but also considers feedback received from our readers and our commercial agreements with providers.

Review Guidelines

The reviews published on GuideHaven are written by community reviewers that examine the products according to our strict reviewing standards. Such standards ensure that each review prioritizes the independent, professional, and honest examination of the reviewer, and takes into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings we publish may also take into consideration the affiliate commissions we earn for purchases through links on our website.

News Heading

Okta Breach: Threat Actors Use Stolen Credentials to Access Its Support System

Shipra Sanganeria
Published by Shipra Sanganeria on October 24, 2024

San Francisco-based identity and access management firm Okta disclosed a new security breach incident by unknown threat actors. Using stolen employee credentials, the hackers accessed its support management system to steal sensitive user information.

Okta’s Chief Security Officer (CSO), David Bradbury in an advisory revealed few details about the incident, including customer browser files accessed by the hacker. ‘’The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,’’ Bradbury stated.

‘’It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted,’’ he continued.

Bradbury further revealed that Okta’s case management system, Auth0/CIC was not impacted by this incident, and it had notified customers whose Okta environment or support tickets were exposed during the breach.

The advisory also revealed few details about the type of information stored in the support case management system. ‘’Okta support will ask customers to upload an HTTP Archive (HAR) file, which allows for troubleshooting of issues by replicating browser activity,’’ the advisory explained. These HAR files contain sensitive information like cookies and session tokens, which can be used to hack valid accounts.

To stem the adverse impact resulting from the incident, Okta is working with its customers, including revocation of embedded session tokens.

Although, the company did not disclose the scale of impact or number of affected customers. BeyondTrust, Cloudflare and 1Password are some of the customers that were impacted by this support system breach.

BeyondTrust, an identity security platform revealed that it had first notified Okta on October 2, about the security breach; however, Okta did not confirm the incident until October 19.

In the past two years, Okta has been on the radar of various threat actors, owing to its clientele that includes some of the largest companies in the world.

Did you like this article? Rate it!
 
 
 
 
 
I hated it I don’t really like it It was ok Pretty good! Loved it!
0 Voted by 0 users
Title
Comment
Thanks for your feedback