Type
Incident
Actors
Unknown
Pub. date
October 20, 2023
Initial access
End-user compromise
Impact
Supply chain attack
References
https://sec.okta.com/articles/2023/10/tracking-unauthorized-access-oktas-support-systemhttps://sec.okta.com/articles/2023/10/tracking-unauthorized-access-oktas-support-system
Status
Stub
Last edited
Jun 2, 2024 8:02 AM
The threat actor gained access to Okta’s environment, and figured out that Okta was storing unsanitized HAR files (recordings of browser activity) that customers were sharing with the Okta support team to help with troubleshooting. These HAR files sometimes contained customer session tokens for Okta’s platform, so they represented a veritable goldmine for the threat actor, who managed to reuse these session tokens to gain access to a few different organizations. Some of those organizations even came forward to publicly state that they were affected, which is a rare occurrence.
