Okta, an id and entry administration providers supplier, disclosed that its buyer help case administration system was just lately compromised, exposing delicate buyer information together with cookies and session tokens. Attackers may doubtlessly use the knowledge to impersonate legitimate customers contacting help.
The client help case administration system is separate from the Okta service itself and the incident solely impacted prospects with latest help instances, the corporate’s Chief Safety Officer David Bradbury pressured in a weblog put up on Oct. 20. Impacted prospects have been notified, he mentioned.
“Okta has labored with impacted prospects to analyze, and has taken measures to guard our prospects, together with the revocation of embedded session tokens,” Bradbury added.
In its weblog put up, Okta listed IP addresses and user-agents that safety groups can use of their risk searching efforts.
The announcement comes after Okta was recognized because the preliminary assault vector in latest twin cyberattacks on MGM Resorts and Caesars Leisure.