Okta Suffered a Security Breach: Important Customer Information Affected

Identity and session management provider Okta experienced a security breach affecting 134 of its customers. In this breach, which took place between September 28 and October 17, 2023, unauthorized access to HAR files made session hijacking attacks possible.

This breach resulted in the misuse of legitimate logins of five Okta customers, including well-known companies like 1Password, BeyondTrust, and Cloudflare. 1Password reported the anomaly shortly after the breach window opened. Okta’s Chief Security Officer David Bradbury acknowledged the breach on October 20, explaining that the stolen credentials provided access to Okta’s support management system.

Further investigation of this breach revealed that a service account belonging to Okta’s customer support system had been misused. This account, which had the authority to modify customer support cases, was linked to an employee’s personal Google account. This link suggests that the employee’s personal account is the likely source of the breach.

In response to the incidents, Okta invalidated the affected session tokens and closed the compromised service account. The company also blocked personal Google profile use in corporate versions of Chrome to restrict employees’ access to personal accounts on Okta-managed devices.

To make its platform more secure against similar threats, Okta introduced a session token binding feature that prompts administrators to re-authenticate when a network change is detected. This feature is available to customers through the Okta admin portal.

This incident followed an unrelated breach at Okta’s healthcare provider that exposed sensitive information of thousands of Okta employees. This combination of security issues has led Okta to strengthen its defense mechanisms and take stringent measures to protect against sophisticated cyber threats.