Hackers used stolen credentials to access Okta’s support system

Identity services provider Okta revealed that unknown attackers gained access to its support case management system using stolen credentials.

According to Okta’s Chief Security Officer David Bradbury, the intruders were able to view files uploaded by certain Okta customers as part of recent support cases. He added that the production Okta service has not been impacted by the incident.

“Within the course of normal business, Okta support will ask customers to upload an HTTP Archive (HAR) file, which allows for troubleshooting of issues by replicating browser activity. HAR files can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users,” the company wrote, adding that it has notified all impacted customers and has taken some measures, including the revocation of embedded session tokens.

“In general, Okta recommends sanitizing all credentials and cookies/session tokens within a HAR file before sharing it,” Okta said.
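One way to follow that recommendation, as an added example (not Okta's tooling and not code from the article): a small Python sanitizer that redacts credentials, cookies and token-like values from a HAR 1.2 capture. The header list, the secret-name heuristic and the sample capture are assumptions constructed for illustration.

```python
import copy
import re

REDACTED = "REDACTED"
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}  # assumed list
SECRET_NAME = re.compile(r"token|secret|passw|session|sid|api[_-]?key|assertion|saml", re.I)  # assumed heuristic
JSON_FIELD = re.compile(r'("([^"]+)"\s*:\s*")((?:[^"\\]|\\.)*)(")')
KV_PAIR = re.compile(r"((?:^|[?&])([^=&#?]+)=)([^&#]*)()")

def _redact_if_secret(m):
    # Groups: 1 = text up to the value, 2 = field name, 3 = value, 4 = closing quote if any.
    return m.group(1) + (REDACTED if SECRET_NAME.search(m.group(2)) else m.group(3)) + m.group(4)

def _scrub_text(text):
    """Redact secret-looking JSON string fields, or key=value pairs in URLs and form bodies."""
    pattern = JSON_FIELD if text.lstrip().startswith(("{", "[")) else KV_PAIR
    return pattern.sub(_redact_if_secret, text)

def _scrub_pairs(pairs, redact_all=False):
    """Redact values in a HAR name/value list (headers, cookies, queryString, params)."""
    for pair in pairs or []:
        name = pair.get("name", "")
        if redact_all or name.lower() in SENSITIVE_HEADERS or SECRET_NAME.search(name):
            pair["value"] = REDACTED

def sanitize_har(har):
    """Return a copy of a HAR 1.2 document with credentials, cookies and tokens redacted."""
    har = copy.deepcopy(har)
    for entry in har.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        post, content = req.get("postData") or {}, resp.get("content") or {}
        for msg in (req, resp):
            _scrub_pairs(msg.get("headers"))
            _scrub_pairs(msg.get("cookies"), redact_all=True)
        _scrub_pairs(req.get("queryString"))
        _scrub_pairs(post.get("params"))
        for holder, key in ((req, "url"), (resp, "redirectURL"), (post, "text")):
            if holder.get(key):
                holder[key] = _scrub_text(holder[key])
        if content.get("text"):  # base64 bodies cannot be pattern-matched: drop them whole
            content["text"] = REDACTED if content.get("encoding") == "base64" else _scrub_text(content["text"])
    return har

# Constructed sample capture (not data from the incident).
SAMPLE_HAR = {"log": {"entries": [{
    "request": {"url": "https://example.test/app?sessionToken=abc123&page=2",
                "headers": [{"name": "Cookie", "value": "sid=s3cr3t"}, {"name": "Accept", "value": "*/*"}],
                "postData": {"text": '{"user": "alice", "password": "hunter2"}'}},
    "response": {"content": {"text": '{"access_token": "eyJhbGc", "ok": "yes"}'}}}]}}
```

A name-based heuristic misses secrets stored under unusual field names, so review the sanitized file before attaching it to a support case.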

According to a report from cybersecurity journalist Brian Krebs, the attackers had access to Okta’s platform for at least two weeks before the incident was fully contained.

Identity management company BeyondTrust said it was among the customers impacted by the breach. According to the company’s Chief Technology Officer Marc Maiffret, on October 2, 2023, BeyondTrust’s security team detected an unauthorized attempt to use an Okta account assigned to one of its engineers to create an administrator account using a valid session cookie stolen from Okta’s support system. The team blocked all access and verified that the attacker did not gain access to any systems.

BeyondTrust said it had informed Okta of the breach on October 2 but had not received any response. Okta’s Deputy Chief Information Security Officer Charlotte Wylie told Krebs that the company initially believed that BeyondTrust’s alert was not a result of a breach in its systems. But she said that by October 17, the company had identified and contained the incident.

Okta did not reveal how many customers were affected by the security breach.
