Okta, an identification and entry administration providers supplier, disclosed that its buyer help case administration system was just lately compromised, exposing delicate buyer knowledge together with cookies and session tokens. Attackers may probably use the data to impersonate legitimate customers contacting help.
The client help case administration system is separate from the Okta service itself and the incident solely impacted prospects with current help instances, the corporate’s Chief Safety Officer David Bradbury harassed in a weblog submit on Oct. 20. Impacted prospects have been notified, he stated.
“Okta has labored with impacted prospects to analyze, and has taken measures to guard our prospects, together with the revocation of embedded session tokens,” Bradbury added.
In its weblog submit, Okta listed IP addresses and user-agents that safety groups can use of their risk searching efforts.
The announcement comes after Okta was recognized because the preliminary assault vector in current twin cyberattacks on MGM Resorts and Caesars Leisure.