Attackers managed to breach identity and access management company Okta’s support system using stolen credentials and extracted valid customer session tokens from uploaded support files, according to a report by the company.
The strong multifactor authentication (MFA) policies enforced by one of the company’s affected customers allowed it to detect the unauthorized access, block it, and report the breach to Okta.
“During the course of normal business, Okta support will ask customers to upload an HTTP Archive (HAR) file, which allows for troubleshooting of issues by replicating browser activity,” David Bradbury, Okta’s chief security officer, said in a blog post. “HAR files can also contain sensitive data, including cookies and session tokens, that malicious actors can use to impersonate valid users.”
The incident was uncovered by security engineers from BeyondTrust, an identity and access security solutions provider, whose in-house Okta administrator account was hijacked. Policy controls put in place by the company’s security team blocked a suspicious authentication attempt from an IP address in Malaysia.
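The HAR format described above is plain JSON, so the session material it carries can be stripped before the file is uploaded. The following sanitizer is an added example, not Okta’s or BeyondTrust’s code; the list of sensitive header names and the sample HAR are constructed for illustration.

```python
import copy

# Header names that commonly carry credentials or session state (assumed list).
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
REDACTED = "[REDACTED]"

def _messages(har):
    """Yield every request and response object in the HAR log."""
    for entry in har.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            yield entry.get(side, {})

def _is_sensitive(header):
    return header.get("name", "").lower() in SENSITIVE_HEADERS

def sanitize_har(har):
    """Return a deep copy of a parsed HAR with session-bearing header and
    cookie values redacted; names are kept so the trace stays debuggable."""
    out = copy.deepcopy(har)
    for msg in _messages(out):
        for h in msg.get("headers", []):
            if _is_sensitive(h):
                h["value"] = REDACTED
        for c in msg.get("cookies", []):
            c["value"] = REDACTED
    return out

def count_secrets(har):
    """Count unredacted sensitive header and cookie values: a pre-upload
    check that should return 0 before a HAR leaves the machine."""
    n = 0
    for msg in _messages(har):
        n += sum(1 for h in msg.get("headers", [])
                 if _is_sensitive(h) and h.get("value") != REDACTED)
        n += sum(1 for c in msg.get("cookies", []) if c.get("value") != REDACTED)
    return n

# Constructed sample HAR: one admin-console request carrying a session cookie
# and a bearer token, plus the response that sets a fresh cookie.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {"method": "GET", "url": "https://example.invalid/admin",
                "headers": [{"name": "Cookie", "value": "sid=abc123"},
                            {"name": "Authorization", "value": "Bearer tok"},
                            {"name": "Accept", "value": "*/*"}],
                "cookies": [{"name": "sid", "value": "abc123"}]},
    "response": {"status": 200,
                 "headers": [{"name": "Set-Cookie", "value": "sid=def456; HttpOnly"}],
                 "cookies": [{"name": "sid", "value": "def456"}]}}]}}
```

Run `count_secrets` on a HAR loaded with `json.load` and refuse to upload unless it returns 0; `sanitize_har` leaves timing, URLs and non-sensitive headers intact so the file still serves its troubleshooting purpose.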
The attacker was prompted for MFA authentication
BeyondTrust’s policy in the Okta environment was to only allow access to the Okta admin console from managed devices on which Okta Verify, a multifactor authentication application developed by Okta, was installed. Because of this policy, the attacker was prompted for MFA authentication when they tried to access the admin console, even though the token they stole provided them with a valid session.
“It’s important for Okta customers to enhance security policies through settings such as prompting admin users for MFA at every sign-in,” the BeyondTrust security team said in an advisory. “While this was within an existing session the attacker hijacked, Okta still views dashboard access as a new sign-in and prompts for MFA.”