Okta, a company that provides identity verification services, recently disclosed a data breach in its customer support portal system. The breach allowed hackers to access and steal files that customers had uploaded for past support cases.
It is important to note that this data breach only affected the customer support portal system, and not the main identity verification system, which remains unaffected. Additionally, the support case systems of Auth0/CIC were also unaffected. Okta has reached out to all impacted customers, and if a customer has not been contacted, it means they were not affected by this incident.
Okta’s support portal system requires customers to submit HTTP Archive (HAR) files to help replicate browser scenarios for troubleshooting purposes. These files contain cookies and session tokens, allowing hackers to masquerade as users without the need for passwords or additional authentication. Okta has provided guidance to affected customers on mitigating the impact of this event.
Vitor De Souza, a representative from Okta, further stated that approximately 1% of their customer base was impacted by this incident.
TLDR: Okta, a provider of identity verification services, suffered a data breach in their customer support portal system, resulting in customer files being accessed and stolen by hackers. Only the support portal system was affected, and Okta is working with impacted customers to address the issue. Roughly 1% of Okta’s customer base was affected.