In a Friday news dump blog post, Okta chief security officer David Bradbury revealed that a threat actor had access to files for 134 customers. Session tokens stolen from support logs were used to hijack sessions for five Okta customers, three of which have been publicly identified: 1Password (which first alerted Okta to the problem), BeyondTrust, and Cloudflare.
For a period of 14 days, while actively investigating, Okta did not identify suspicious downloads in our logs. When a user opens and views files attached to a support case, a specific log event type and ID is generated tied to that file. If a user instead navigates directly to the Files tab in the customer support system, as the threat actor did in this attack, they will instead generate an entirely different log event with a different record ID.
Not a great look for an identity management company that is supposed to prevent this exact problem.