Okta hack shows how vulnerable digital authentication is

In recent days, it has become clear how a hack on Okta has major implications for the company's customers. This is because the data captured allows cybercriminals to log into customers' systems. In addition, it shows once again how vulnerable our digital identities are.

Earlier this week, Okta reported that data was stolen from its customer service ticket system. However, the captured data is highly sensitive, and cybercriminals can now use it to easily access the systems of Okta's customers.

Okta is a so-called identity and access management (IAM) solution, a competitor to Microsoft (Azure) Active Directory, for example. Okta manages the address book of companies that includes all employees and their login credentials. As soon as an employee tries to log in somewhere, that session is checked by Okta. So it is a crucial component in a corporate network.

Smart hack on customer service (help desk)

As with all software solutions, sometimes things go wrong and as an organization you need support. For example, to find out why something is not working properly with a certain group of users or in a browser session. This also applies to Okta's customers, and they can turn to the company's customer service department for that.

With problems such as those described earlier, it is often easiest when the customer service representative at Okta can replicate the problem, or in other words, experience for themselves where things may be going wrong. Okta then often asks the customer to upload a so-called HTTP Archive (HAR) file. These files contain browser history, sessions and cookies. This allows the customer service agent to recreate what the user is trying to do and see where things go wrong.

Access to sessions and cookies

However, hackers have now succeeded in using phishing to gain access to Okta's customer service system and were able to download customer-supplied HAR files as a result. Then the cybercriminals searched all those HAR files for sessions and cookies and are now trying to use them to access customers' systems.

The likes of 1Password and Cloudflare have already disclosed that they have detected malicious activity traceable to HAR files at Okta. However, chances are that this is just the tip of the iceberg.

Okta states that it normally recommends deleting all cookies and session tokens in HAR files before sharing them. In practice, this probably doesn't happen often, as customers seek a solution to their problem and Okta is a trusted vendor.
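Stripping cookies and session tokens from a HAR file before sharing it, as an added example (not from the original article or from Okta). It assumes the HAR 1.2 JSON layout; the lists of sensitive names, the function names and the sample data are illustrative.

```python
import copy

# Names treated as secrets: an assumed starting list, extend it per application.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "x-csrf-token"}
SENSITIVE_PARAMS = ("token", "session", "sid", "code", "password", "secret")
REDACTED = "[REDACTED]"

def _scrub(pairs, is_sensitive):
    """Redact the value of each HAR name/value pair whose name is sensitive."""
    hits = 0
    for pair in pairs or []:
        if is_sensitive(pair.get("name", "").lower()):
            pair["value"] = REDACTED
            hits += 1
    return hits

def _param_hit(name):
    return any(key in name for key in SENSITIVE_PARAMS)

def sanitize_har(har):
    """Return (sanitized deep copy, number of redacted values) for a HAR 1.2 dict."""
    clean, hits = copy.deepcopy(har), 0
    for entry in clean.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            hits += _scrub(msg.get("headers"), SENSITIVE_HEADERS.__contains__)
            hits += _scrub(msg.get("cookies"), lambda name: True)  # every cookie
        q = _scrub(req.get("queryString"), _param_hit)
        if q:  # the raw URL repeats the query string, so drop it there too
            req["url"] = req.get("url", "").split("?", 1)[0]
        post = req.get("postData") or {}
        hits += q + _scrub(post.get("params"), _param_hit)
        if post.get("text"):  # raw body may repeat the same credentials
            post["text"] = REDACTED
            hits += 1
    return clean, hits

# Constructed sample: a session cookie, a bearer token and a code in a query string.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [
    {"request": {"url": "https://app.example.com/api/users",
                 "headers": [{"name": "Cookie", "value": "sid=EXAMPLE-SESSION-ID"},
                             {"name": "Authorization", "value": "Bearer EXAMPLE-TOKEN"}],
                 "cookies": [{"name": "sid", "value": "EXAMPLE-SESSION-ID"}]},
     "response": {"headers": [{"name": "Set-Cookie", "value": "sid=EXAMPLE-SESSION-ID"}],
                  "cookies": [{"name": "sid", "value": "EXAMPLE-SESSION-ID"}]}},
    {"request": {"url": "https://app.example.com/callback?code=EXAMPLE-CODE&page=2",
                 "queryString": [{"name": "code", "value": "EXAMPLE-CODE"},
                                 {"name": "page", "value": "2"}]},
     "response": {"headers": []}}]}}

if __name__ == "__main__": print(sanitize_har(SAMPLE_HAR)[1], "values redacted")
```

Response bodies (`content.text`) are left untouched here and still need review before sharing, since they can carry tokens too.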

Vulnerability of online authentication

It eventually took several weeks for Okta to realize exactly what happened. Okta customers saw much earlier how malicious actors tried to get in, or got in and tried to modify their permissions, which still got them caught. Okta has since contacted customers who provided HAR files that may have been captured.

More importantly, this story shows how vulnerable online authentication really is. Once cybercriminals manage to gain access to sessions and cookies, they can mimic the customer's browser session and gain access themselves to all sorts of online systems. Some SaaS providers have additional safeguards against this, but many do not.

We share this article from Techzine to bring attention to such hacks. After all, the consequences for those affected are super big.
