Okta Says Hackers Gained Access to 134 Customers' Files
Apple warns Armenians of state-sponsored hacking, Treasury sanctions Russian businesswoman for cybercrime crypto help, SWAT USA Drops leader ID'ed, Infosys USA arm reports cyber incident, much more
Check out my latest piece for README on the rise of hacktivism and how it blurs the lines between civilian and military threat actors.
Identity and access management company Okta revealed that attackers who breached its customer support system last month gained access to files belonging to 134 customers, five of them later being targeted in session hijacking attacks with the help of stolen session tokens.
Okta said a threat actor gained unauthorized access to files inside Okta's customer support system associated with 134 customers, or less than 1% of its customers. "Some of these files were HAR files that contained session tokens which could, in turn, be used for session hijacking attacks. The threat actor used these session tokens to hijack the legitimate Okta sessions of 5 customers, 3 of whom have shared their own response to this event,” Okta said.
The threat actors used credentials for a support service account stolen from an employee's personal Google acc…
Keep reading with a 7-day free trial
Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.