Okta hack shows how vulnerable digital authentication is

In recent days, it has become clear how a hack on Okta has major implications for the company's customers. This is because the data captured allows cybercriminals to log into customers' systems. In addition, it shows once again how vulnerable our digital identities are.

Earlier this week, Okta reported that data was stolen from its customer service ticket system. However, the captured data is highly sensitive, and cybercriminals can now also use it to easily access the systems of Okta's customers.

Okta is a so-called identity and access management (IAM) solution, a competitor to Microsoft (Azure) Active Directory, for example. Okta manages the address book of companies that includes all employees and their login credentials. As soon as an employee tries to log in somewhere, that session is checked by Okta. So it is a crucial component in a corporate network.

Smart hack on customer service (help desk)

As with all software solutions, sometimes things go wrong and as an organization you need support. For example, to find out why something is not working properly with a certain group of users or in a browser session. This also applies to Okta's customers, and they can turn to the company's customer service department for that.

With problems such as those described earlier, it is often easiest when the customer service representative at Okta can replicate the problem, or in other words, experience for themselves where things may be going wrong. Okta then often asks the customer to upload a so-called HTTP Archive (HAR) file. These files contain browser history, sessions and cookies. This allows the customer service agent to then recreate what the user is trying to do and where things go wrong.

Access to sessions and cookies

However, hackers have now succeeded in using phishing to gain access to Okta's customer service system and were able to download customer-supplied HAR files as a result. Then the cybercriminals searched all those HAR files for sessions and cookies and are now trying to use them to access customers' systems.

The likes of 1Password and Cloudflare have already disclosed that they have detected malicious activity traceable to HAR files at Okta. However, chances are that this is just the tip of the iceberg.

Okta states that it normally recommends deleting all cookies and session tokens in HAR files before sharing them. In practice, this probably doesn't happen often, as customers seek a solution to their problem and Okta is a trusted vendor.

Vulnerability of online authentication

It eventually took several weeks for Okta to realize exactly what happened. Okta customers saw much earlier how malicious actors tried to get in, or got in and tried to modify their permissions, and still caught them. Okta has since contacted customers who provided HAR files that may have been captured.

More importantly, this story shows how vulnerable online authentication really is. Once cybercriminals manage to gain access to sessions and cookies, they can mimic the customer's browser session and gain access themselves to all sorts of online systems. Some SaaS providers have some additional safeguards for this, but many do not.

We share this article from Techzine to bring attention to such hacks. After all, the consequences for those affected are super big.
