Identity and access giant Okta said a hacker broke into its customer support ticket system and stole sensitive files that could be used to break into Okta customers’ networks.

Okta Chief Security Officer David Bradbury said in a blog post on Friday that a hacker used stolen credentials to access the company’s support case management system, which stores files uploaded by Okta customers for troubleshooting, including browser recordings.

Browser recording sessions (or HAR files) are used to diagnose problems during a web browsing session, and often include website cookies and session tokens, which, if stolen, can be used to impersonate a real user account without needing their password or two-factor authentication.
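A HAR file is JSON, so the cookies and session tokens described above can be redacted before a recording is shared with a support desk. The following is an added example, not code from the original article or from Okta; the parameter-name hints, the `sanitize_har` helper and the sample recording are assumptions constructed for illustration.

```python
import copy
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "REDACTED"
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
PARAM_HINTS = ("token", "session", "sid", "password", "code")  # assumed; extend per app

def is_sensitive_param(name):
    return any(hint in name.lower() for hint in PARAM_HINTS)

def scrub_pairs(pairs, match):
    """Redact the value of each HAR name/value record whose name matches; return the count."""
    hits = [p for p in pairs or [] if match(p.get("name", ""))]
    for p in hits:
        p["value"] = REDACTED
    return len(hits)

def scrub_url(url):
    parts = urlsplit(url)
    query = [(k, REDACTED if is_sensitive_param(k) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def sanitize_har(har):
    """Return (sanitized deep copy, number of redactions); the input is left untouched."""
    out, count = copy.deepcopy(har), 0
    for entry in out.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            count += scrub_pairs(msg.get("headers"), lambda n: n.lower() in SENSITIVE_HEADERS)
            count += scrub_pairs(msg.get("cookies"), lambda n: True)
        count += scrub_pairs(req.get("queryString"), is_sensitive_param)
        count += scrub_pairs(req.get("postData", {}).get("params"), is_sensitive_param)
        if req.get("url"):
            req["url"] = scrub_url(req["url"])  # the query string is also embedded here
        for body in (req.get("postData", {}), resp.get("content", {})):
            if body.get("text"):
                body["text"] = REDACTED  # bodies can embed tokens; drop, don't parse
                count += 1
    return out, count

# Constructed sample recording: a session cookie, a token in the URL, a token in a body.
SAMPLE_HAR = {"log": {"entries": [{
    "request": {"url": "https://idp.example.test/app?tab=users&session_token=abc123",
                "headers": [{"name": "Cookie", "value": "sid=abc123"},
                            {"name": "Accept", "value": "text/html"}],
                "queryString": [{"name": "session_token", "value": "abc123"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=def456; HttpOnly"}],
                 "content": {"text": '{"token": "def456"}'}}}]}}
```

Substring matching over-redacts on purpose (a parameter such as `zipcode` matches `code`), which is the safe direction for a file that leaves the organization.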

“Customers who are affected have been notified,” Bradbury said. It’s unclear how Okta’s support case management system was initially compromised.

Okta provides organizations and companies with access and identity tools such as “single sign-on,” which allows employees to access all company resources on the network with a single set of credentials. Okta has about 17,000 customers and manages about 50 billion users, the company said in a March 2023 blog post.

Okta spokesperson Vitor de Souza told TechCrunch that about 1% of customers are affected by the breach, but he declined to provide a specific number.

Security firm BeyondTrust, which uses Okta, said in its own blog post that it notified Okta of the potential breach on October 2, after it discovered an attempt to compromise its network shortly after an administrator shared a browser recording session with an Okta support agent.

Marc Maiffret, BeyondTrust’s chief technology officer, said the hacker used a session token from an uploaded browser recording session to create an administrator account on BeyondTrust’s network, which was then immediately shut down. Maiffret said the incident was “the result of a compromise of Okta’s support system that allowed an attacker to access sensitive files uploaded by its customers.”

Security journalist Brian Krebs first reported this news. Citing Charlotte Wylie, the company’s deputy chief information security officer, Krebs said Okta had reported the incident by October 17.

This is the latest incident at Okta, which said in 2022 that hackers stole some of its source code. Earlier in 2022, hackers posted screenshots showing access to the company’s internal network after hacking a company that Okta used for customer service.

Okta’s stock closed down 11% on Friday following news of the breach.

Source: techcrunch.com