Identity management company Okta suffered a data breach in the fall of 2023 in which its support case management system was penetrated, affecting 134 of its 18,400 customers. The unauthorized intruder had access to Okta’s systems from September 28 to October 17, 2023, and ultimately accessed HAR files containing session tokens that could be used for session hijacking attacks. Further details came out in November 2023 about the severity of the attack.
The threat actor was able to use these session tokens to hijack the legitimate Okta sessions of 5 customers, including 1Password, BeyondTrust, and Cloudflare. Okta has since revoked the session tokens embedded in the HAR files shared by the affected customers and disabled the compromised service account. It has also blocked the use of personal Google profiles within enterprise versions of Google Chrome, preventing its employees from signing in to their personal accounts on Okta-managed laptops.
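The HAR files described above carry session tokens in request and response headers and in the parsed cookie lists. As an added example (not code from Okta or from this article), the sketch below redacts that material before a HAR is attached to a support case and then checks that no removed value survives elsewhere in the file. The set of sensitive header names, the function names and the sample HAR are assumptions constructed for illustration.

```python
import copy
import json

# Assumption: header names treated as credential-bearing; extend for your stack.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
REDACTED = "[REDACTED]"
# Constructed sample HAR (not real data): one request/response pair.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {"method": "GET", "url": "https://example.test/app",
        "headers": [{"name": "Cookie", "value": "sid=CONSTRUCTED-TOKEN-0001"},
                    {"name": "Accept", "value": "text/html"}],
        "cookies": [{"name": "sid", "value": "CONSTRUCTED-TOKEN-0001"}]},
    "response": {"status": 200,
        "headers": [{"name": "Set-Cookie", "value": "sid=CONSTRUCTED-TOKEN-0002"}],
        "cookies": [{"name": "sid", "value": "CONSTRUCTED-TOKEN-0002"}]},
}]}}


def sanitize_har(har):
    """Return (sanitized copy, list of the secret values that were redacted)."""
    clean = copy.deepcopy(har)
    removed = []
    def scrub(item):
        if item.get("value"):
            removed.append(item["value"])
        item["value"] = REDACTED

    for entry in clean.get("log", {}).get("entries", []):
        request = entry.get("request", {})
        for msg in (request, entry.get("response", {})):
            for header in msg.get("headers", []):
                if header.get("name", "").lower() in SENSITIVE_HEADERS:
                    scrub(header)
            # HAR keeps parsed cookies separately from the raw Cookie header.
            for cookie in msg.get("cookies", []):
                scrub(cookie)
        # Form posts (for example logins) carry credentials in the body.
        post = request.get("postData") or {}
        for param in post.get("params", []):
            scrub(param)
        if post.get("text"):
            post["text"] = REDACTED
    return clean, removed


def leaked_values(clean, removed):
    """Redacted values that still appear somewhere in the sanitized HAR."""
    blob = json.dumps(clean)
    return [v for v in removed if v in blob]
```

A non-empty result from `leaked_values` means a token also sits somewhere the header and cookie pass does not reach, such as a URL query string or a response body, and the file should not be shared until that is handled.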