Okta Breach: Employee's Personal Google Account Usage on Company Laptop Blamed

Cyber Security Threat Summary:
In a recent statement, Okta security chief David Bradbury confirmed that from September 28, 2023, to October 17, 2023, a threat actor gained unauthorized access to files inside Okta’s customer support system associated with 134 Okta customers. Some of these files contained session tokens, which the threat actor was able to use to hijack the legitimate Okta sessions of 5 customers. During its investigation, Okta security uncovered that an employee had signed in to their personal Google profile on the Chrome browser of their Okta-managed laptop. Because the username and password of the service account had been saved to the employee’s personal Google account, Okta believes that the threat actor most likely compromised the employee’s personal Google account or personal device and used those credentials to gain access to its customer support system.

Security Officer Comments:
In light of the breach, Okta has implemented several remediation measures to prevent further attacks. For starters, the IT service management company has disabled the compromised service account and has blocked the use of personal Google profiles with Google Chrome. It has also enhanced monitoring for the customer support system and deployed additional detection and monitoring rules. Lastly, the company has released session token binding based on network location to combat the threat of session token theft against Okta administrators.
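
The sketch below illustrates the general idea behind binding a session token to a network location, so that a token copied out of a stolen file is rejected when replayed from elsewhere. It is an added example, not Okta's implementation: the token format, the function names, the demo key and the /24 (IPv4) and /64 (IPv6) binding granularity are all assumptions made for illustration.

```python
import base64, hashlib, hmac, ipaddress, json, time

SECRET = b"constructed-demo-key"  # constructed key, for this example only

def _sign(payload: bytes) -> str:
    mac = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def bound_network(client_ip: str) -> str:
    """Network a session is pinned to (assumed: /24 for IPv4, /64 for IPv6)."""
    ip = ipaddress.ip_address(client_ip)
    prefix = 24 if ip.version == 4 else 64
    return str(ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False))

def issue_session(user: str, client_ip: str, ttl: int = 3600, now=None) -> str:
    """Issue a signed token whose claims record the network it was issued to."""
    now = time.time() if now is None else now
    claims = {"sub": user, "net": bound_network(client_ip), "exp": int(now) + ttl}
    payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return payload.decode() + "." + _sign(payload)

def validate_session(token: str, client_ip: str, now=None):
    """Return (True, user) or (False, reason). Reasons are worth logging/alerting on."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.split(".")
        # Verify integrity first so the bound network cannot be rewritten.
        if not hmac.compare_digest(sig, _sign(payload.encode())):
            return False, "bad_signature"
        claims = json.loads(base64.urlsafe_b64decode(payload))
        if now >= claims["exp"]:
            return False, "expired"
        # A valid token presented from outside its bound network is rejected.
        if ipaddress.ip_address(client_ip) not in ipaddress.ip_network(claims["net"]):
            return False, "network_mismatch"
    except (ValueError, KeyError, TypeError):
        return False, "malformed"
    return True, claims["sub"]

if __name__ == "__main__":
    # Constructed scenario using documentation address ranges.
    tok = issue_session("admin@example.com", "203.0.113.10")
    print(validate_session(tok, "203.0.113.77"))  # same network as issuance
    print(validate_session(tok, "198.51.100.7"))  # replay from another network
```

A `network_mismatch` result on an otherwise valid token is a useful detection signal in its own right, since it indicates a token being presented from somewhere other than where it was issued.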

Link(s):
https://www.securityweek.com/