Okta, an identification and entry administration companies supplier, disclosed that its buyer assist case administration system was just lately compromised, exposing delicate buyer information together with cookies and session tokens. Attackers might doubtlessly use the data to impersonate legitimate customers contacting assist.
The client assist case administration system is separate from the Okta service itself and the incident solely impacted prospects with latest assist circumstances, the corporate’s Chief Safety Officer David Bradbury pressured in a weblog submit on Oct. 20. Impacted prospects have been notified, he mentioned.
“Okta has labored with impacted prospects to research, and has taken measures to guard our prospects, together with the revocation of embedded session tokens,” Bradbury added.
In its weblog submit, Okta listed IP addresses and user-agents that safety groups can use of their risk searching efforts.
The announcement comes after Okta was recognized because the preliminary assault vector in latest twin cyberattacks on MGM Resorts and Caesars Leisure.
