This has not been a particularly good month for cybersecurity. October started with the credential stuffing attack on 23andMe, which left some of its clients' personal data circulating on dark web forums, and it enters its final stretch with more bad news: the identity and access management giant Okta has confirmed that one or more hackers have accessed files belonging to some of its customers.

Its shares have not taken long to suffer on the stock market.

What has happened? Okta, an American company dedicated to identity and access management, has detected “unauthorized access” to its support system. The news has been confirmed by the company itself in a statement signed by its head of security, David Bradbury.

In the note, Okta explains how the attacker took advantage of a stolen credential to access its support case management system, which in turn contained browser recording files uploaded by its customers.

What does the company say? “The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,” acknowledges Bradbury, who says that he has already contacted all those affected.

Okta also points out that the company’s support case management system is separate from the production service, which remains “fully operational” and has not been breached. According to the company, the Auth0/CIC case management system was not affected by the incident either.

What information does it handle? As Okta itself explains, its support service can ask its clients to upload HTTP Archive (HAR) files, which are recordings of browser sessions, so that problems can be diagnosed by replicating the customer's activity. HAR files can also contain sensitive information, such as cookies and session tokens, data that “malicious actors can use to impersonate valid users,” the company says. To prevent this, it has already taken measures with those affected, such as revoking tokens.
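To show where that sensitive data sits inside a HAR file, here is an added example (not part of the original article or of Okta's statement) that redacts cookies, authorization headers, token-like query parameters and request/response bodies from a parsed HAR capture before it is shared with a support team. The parameter-name hints, the sample capture and the host `app.example.test` are assumptions made for the illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
REDACTED = "REDACTED"
# Headers whose values carry credentials (matched case-insensitively).
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
# Substrings marking a URL parameter as secret: an assumed, non-exhaustive list.
PARAM_HINTS = ("token", "session", "sid", "secret", "password", "code", "key")
# Constructed sample entry shaped like a browser's HAR 1.2 export (not real data).
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {"url": "https://app.example.test/home?lang=en&session_token=abc123",
                "headers": [{"name": "Cookie", "value": "sid=s3cr3t"}, {"name": "Accept", "value": "*/*"}],
                "cookies": [{"name": "sid", "value": "s3cr3t"}],
                "queryString": [{"name": "lang", "value": "en"}, {"name": "session_token", "value": "abc123"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=n3w; HttpOnly"}],
                 "cookies": [{"name": "sid", "value": "n3w"}],
                 "content": {"mimeType": "application/json", "text": '{"access_token": "xyz"}'}}}]}}

def is_secret_param(name):
    return any(hint in name.lower() for hint in PARAM_HINTS)

def scrub_pairs(pairs, is_secret):
    """Redact flagged {name, value} pairs in place and return how many were changed."""
    flagged = [p for p in pairs or [] if is_secret(p.get("name", ""))]
    for pair in flagged:
        pair["value"] = REDACTED
    return len(flagged)

def scrub_url(url):
    """Redact the values of secret-looking query parameters inside a request URL."""
    parts = urlsplit(url)
    query = [(k, REDACTED if is_secret_param(k) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def sanitize_har(har):
    """Sanitize a parsed HAR document in place; return the number of redacted fields."""
    count = 0
    for entry in har.get("log", {}).get("entries", []):
        request, response = entry.get("request", {}), entry.get("response", {})
        for message in (request, response):
            count += scrub_pairs(message.get("headers"), lambda n: n.lower() in SENSITIVE_HEADERS)
            count += scrub_pairs(message.get("cookies"), lambda n: True)
        count += scrub_pairs(request.get("queryString"), is_secret_param)
        request["url"] = scrub_url(request.get("url", ""))
        # Bodies can echo tokens (form posts, JSON responses): blank text and form params.
        for body in (request.get("postData") or {}, response.get("content") or {}):
            count += scrub_pairs(body.get("params"), lambda n: True)
            if body.get("text"):
                body["text"] = REDACTED
                count += 1
    return count
```

For a real capture, load the file with `json.load`, call `sanitize_har` on the result and write it back out before attaching it to a ticket.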

What is the company's reach? According to information published on its blog in March, Okta serves more than 17,000 customers and manages billions of users, a large figure that corresponds to the identities of employees, customers or partners in each organization. On its website, the company cites some of its clients, including Zoom, FedEx and the Japanese pharmaceutical company Takeda. The number of those affected has not been revealed, although one of its spokespersons assured TechCrunch that the breach would reach around 1% of customers.

The statement insists in any case that all those affected have received notification. “If you haven’t been contacted with another message or method, there is no impact on your Okta environment or your support tickets,” it adds.

What consequences has it had? Okta has taken a significant hit on the stock market. According to CNBC, its shares fell around 11% after the company confirmed that a hacker had accessed files of “certain clients” in its support system. The specialized platform Investing shows how its shares went from 85.2 dollars on Thursday to 75.5. “Attacks like this highlight the importance of remaining alert and attentive,” Bradbury said.


