Costly Impact of the Okta Support Breach

In late October 2023, identity management leader Okta disclosed a data breach involving its customer support system. The breach exposed highly sensitive customer data and credentials, highlighting the immense risks of modern customer support platforms. While Okta’s core authentication service was not impacted, the support breach enabled access to confidential customer information. This incident serves as an urgent wake-up call for all companies to lock down their customer support systems.


How the Breach Occurred

According to details from cybersecurity researchers, hackers obtained the login credentials for an Okta customer support account through an undisclosed prior breach. Possessing these stolen credentials enabled the criminals to directly access Okta's online customer support portal and view uploaded customer files.

The primary way the hackers extracted sensitive data was by downloading customer HTTP archive (HAR) files attached to support tickets. HAR files contain detailed recordings of user browser sessions and are commonly shared with support reps to replicate and troubleshoot issues. However, these files can include extremely sensitive information like authentication cookies, API keys, usernames, passwords, and proprietary application code.

With access to customer HAR files, the hackers obtained active session cookies, API keys, and other credentials. This allowed them to impersonate real users and break into confidential customer systems and data by leveraging Okta’s trusted access.
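An added example, not part of the original article: a minimal sanitizer that removes the credential types named above (session cookies, and API keys or tokens carried in headers or query parameters) from a parsed HAR file before it is attached to a support ticket. The header and parameter name lists and the sample HAR are assumptions constructed for illustration.

```python
import copy
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed name lists; extend them for the application being debugged.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie", "x-api-key"}
SENSITIVE_PARAMS = {"token", "access_token", "id_token", "api_key", "password", "sid"}
REDACTED = "REDACTED"

def _scrub(pairs, names):
    """Redact HAR name/value pairs whose name is in `names`; return how many."""
    hits = [p for p in (pairs or []) if p.get("name", "").lower() in names]
    for pair in hits:
        pair["value"] = REDACTED
    return len(hits)

def _scrub_url(url):
    """request.url repeats the query string, so sensitive parameters are redacted there too."""
    parts = urlsplit(url)
    query = [(k, REDACTED if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def sanitize_har(har):
    """Return (sanitized deep copy, redacted field count) for a parsed HAR dict."""
    har, hits = copy.deepcopy(har), 0
    for entry in har.get("log", {}).get("entries", []):
        for msg in (entry.get("request") or {}, entry.get("response") or {}):
            hits += _scrub(msg.get("headers"), SENSITIVE_HEADERS)
            # Parsed cookies sit beside the raw Cookie/Set-Cookie headers: blank every one.
            for cookie in msg.get("cookies") or []:
                cookie["value"] = REDACTED
                hits += 1
        req = entry.get("request") or {}
        hits += _scrub(req.get("queryString"), SENSITIVE_PARAMS)
        if "url" in req:
            req["url"] = _scrub_url(req["url"])
    return har, hits

# Constructed sample (not data from the incident).
SAMPLE_HAR = {"log": {"entries": [{
    "request": {
        "url": "https://app.example.com/api/me?access_token=abc123&view=full",
        "headers": [{"name": "Cookie", "value": "sid=s3cr3t"}],
        "cookies": [{"name": "sid", "value": "s3cr3t"}],
        "queryString": [{"name": "access_token", "value": "abc123"},
                        {"name": "view", "value": "full"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=n3w; HttpOnly"}],
                 "cookies": [{"name": "sid", "value": "n3w"}]},
}]}}
```

Request and response bodies are left untouched by this sketch and still need review, since they can carry passwords or tokens as well.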


How the Breach Was Detected

The breach was first reported by Okta customer BeyondTrust on October 2. BeyondTrust detected unauthorized access attempts to their Okta administrator account using a valid stolen session cookie found in a breached HAR file. Another impacted Okta customer, Cloudflare, discovered the hackers abused stolen API keys from an employee’s HAR file to improperly access some of its systems.

Risk of Third-party Breaches

This breach highlights the growing dangers of supply chain cyberattacks, which have become a prime vector for hackers. Research shows third-party breaches often incur higher costs than average attacks. Suppliers frequently have extensive access to customer networks, data, and applications. Once inside a vendor’s systems, attackers can leverage trusted access pathways to quietly move laterally and infiltrate downstream customers. Since this access originates from a legitimate third party, it can bypass security controls. 

Why Modern Support Systems Are at Risk

The Okta breach underscores the immense risks involved with modern customer support systems, which handle extremely sensitive data, including:

  • Personally identifiable information (PII) for customers like names, addresses, and account details that can enable identity theft or violate data privacy regulations 
  • Source code, IP, and other proprietary data that can be stolen and abused 
  • Employee credentials like passwords and API keys that can be hijacked to breach corporate systems
  • HR records, financial documents, strategic plans, and other sensitive internal data that can lead to lawsuits or competitive harm if exposed
  • System credentials like session cookies and API keys that allow criminals to impersonate users and access confidential systems and data

Best Practices to Secure Support Systems

To prevent breaches involving customer support, leading practices include:

  • Encrypting all content transmitted and stored within support systems using military-grade standards like AES-256 to render breached data useless 
  • Implementing granular access controls to enforce least-privilege access to confidential data based on user roles and content attributes 
  • Logging all user, content, and system activity to detect misuse and fulfill compliance obligations
  • Integrating support platforms with existing tools like email and CRM to avoid risky manual workarounds
  • Maintaining rigorous third-party security audits and certifications to validate compliance with standards like SOC 2 Type II, ISO 27001, 27017, and 27018, FedRAMP Authorized, Cyber Essentials Plus, and more

Way Forward After the Breach

The Okta customer support breach provides a sobering case study of how hackers are increasingly targeting trusted third-party access to infiltrate downstream customers. All companies must learn from this incident and take action to lock down their own customer support systems. Follow security best practices around encryption, access controls, activity monitoring, compliance audits, and seamless application integrations. With the right sensitive content communications platform, customer support teams can be equipped to provide great service without putting troves of confidential data at risk.


Alexandre BLANC Cyber Security

Advisor - ISO/IEC 27001 and 27701 Lead Implementer - Named security expert to follow on LinkedIn in 2024 - MCNA - MITRE ATT&CK - LinkedIn Top Voice 2020 in Technology - All my content is sponsored

1y

It's another learning occasion. I think this should remind us of the long path toward security and privacy by default and by design that we need to achieve to even consider building trust with technology. One of the avenues here would be to look toward "zero knowledge encryption", so that the content can't be exploited ever. The HAR file was one of the main information leaks leading to the larger impact. Sadly, we see the cloud eager to monetize all aspects of the collected data, but in fact, this is triggering way more damage than benefits.
