Okta Breach: Threat Actors Use Stolen Credentials to Access Its Support System

• Written by Shipra Sanganeria Cybersecurity & Tech Writer

San Francisco-based identity and access management firm Okta disclosed a new security breach incident by unknown threat actors. Using stolen employee credentials, the hackers accessed its support management system to steal sensitive user information.

Okta’s Chief Security Officer (CSO), David Bradbury in an advisory revealed few details about the incident, including customer browser files accessed by the hacker. ‘’The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,’’ Bradbury stated .

‘’It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted,’’ he continued.

Bradbury further revealed that Okta’s case management system, Auth0/CIC was not impacted by this incident, and it had notified customers whose Okta environment or support tickets were exposed during the breach.

The advisory also revealed few details about the type of information stored in the support case management system. ‘’Okta support will ask customers to upload an HTTP Archive (HAR) file, which allows for troubleshooting of issues by replicating browser activity,’’ the advisory explained. These HAR files contain sensitive information like cookies and session tokens, which can be used to hack valid accounts.

To stem the adverse impact resulting from the incident, Okta is working with its customers, including revocation of embedded session tokens.

Although, the company did not disclose the scale of impact or number of affected customers. BeyondTrust, Cloudflare and 1Password are some of the customers that were impacted by this support system breach.

BeyondTrust, an identity security platform revealed that it had first notified Okta on October 2, about the security breach; however, Okta did not confirm the incident until October 19.

In the past two years, Okta has been on the radar of various threat actors, owing to its clientele that includes some of the largest companies in the world.

Casio Data Breach Affects Thousands of ClassPad Customers

• Written by Shipra Sanganeria Cybersecurity & Tech Writer

Leading Japanese electronics manufacturer, Casio Computer disclosed a data breach incident affecting its customers from 149 countries and regions. The incident compromised personal information of some ClassPad customers.

ClassPad.net is an education platform of the company, and an attacker is said to have leveraged a security-related vulnerability in a database of its development environment. Thus, successfully managing to steal stored customer information, including names, email addresses, country/region of residence, service usage details, and purchasing information such as payment method, license code, order details, etc.

The incident was first detected by Casio on October 11 when an employee discovered a database failure while attempting to work in the development environment. On further investigation, Casio found that personal information of some users was accessed on October 12.

The leaked information is said to contain 91,921 items belonging to customers in Japan (including individuals and 1,108 educational institution customers), and 35,049 items belonging to users from 148 countries and regions.

“At this time, it has been confirmed that some of the network security settings in the development environment were disabled due to an operational error of the system by the department in charge and insufficient operational management,” the notice said .

‘’Casio believes these were the causes of the situation that allowed an external party to gain unauthorized access,’’ continued Casio.

It also confirmed that no banking or credit card information was accessed, and the ClassPad app remained operational as the hacker had not infiltrated the system beyond the compromised database.

In order to mitigate the breach-related risks, the company stated that it would continue to strengthen technical safety measures. To prevent future similar incidents, it would provide security training to employees and deploy needed security measures.

Additionally, Casio will be working with external security specialist companies and external law firms to analyze and implement countermeasures to limit the breach’s impact. The incident was also reported to Japan’s Personal Information Protection Commission.