Identity and access giant Okta said a hacker broke into its customer support ticket system and stole sensitive files that can be used to break into the networks of Okta’s customers.
Okta chief security officer David Bradbury said in a blog post Friday that a hacker used a stolen credential to access the company’s support case management system, which contained browser recording files uploaded by Okta customers for troubleshooting.
Browser recording sessions (or HAR files) are used for diagnosing problems during a web browsing session, and often include website cookies and session tokens, which if stolen can be used to impersonate a real user account without needing their password or two-factor.
Bradbury said “customers who were impacted by this have been notified.” It’s not clear how Okta’s support case management system was initially compromised.
Okta provides organizations and companies with access and identity tools, such as “single sign-on,” which allows employees access to all of a company’s resources on the network with one set of credentials. Okta has around 17,000 customers and manages around 50 billion users, the company said in a March 2023 blog post.
Okta spokesperson Vitor De Souza told TechCrunch that around 1% of customers are affected by this breach, but declined to provide a specific number.
Security firm BeyondTrust, which uses Okta, said in its own blog post that it notified Okta of a likely breach on October 2 after it detected an attempted compromise to its network a short time after an administrator shared a browser recording session with an Okta support agent.
BeyondTrust’s chief technology officer Marc Maiffret said the hacker used a session token from the uploaded browser recording session to create an administrator account on BeyondTrust’s network, which it immediately shut down. Maiffret said the incident “was the result of Okta’s support system being compromised which allowed an attacker to access sensitive files uploaded by their customers.”
Security journalist Brian Krebs first reported the news. Krebs reports that Okta contained the incident by October 17, citing the company’s deputy chief information security officer Charlotte Wylie.
This is the latest incident at Okta, which in 2022 said that hackers stole some of its source code. Earlier in 2022, hackers posted screenshots showing access to the company’s internal network after hacking into a company Okta used for customer service.
Okta’s stock closed down 11% on Friday following news of the breach.