Last week, identity and access management company Okta disclosed a hack of its support system, an incident that has now knocked more than $2 billion from the company’s market cap and caused its stock to drop more than 11%. Here are a few things to know about the cybersecurity breach.
What is Okta?
Okta is a cloud-based service that allows a company's IT team to manage the applications or devices that an employee might have access to.
How did the hackers pull this off?
The attackers were able to view files that had been uploaded by a limited number of Okta customers. The files in question were uploaded during recent support cases. Okta says the attack only impacted its support case management and did not impact the Okta service, which remains operational.
Hackers were able to gain access to stolen credentials through HTTP Archive (HAR) files uploaded by users for troubleshooting purposes. Those files can often include session tokens and cookies, and the hackers were able to use those to impersonate valid users.
Why does this seem familiar?
The company’s products have been tied to recent high-profile hacks of both Caesars Entertainment and the MGM lines of casinos in Las Vegas. Caesars ultimately paid out a ransom of $15 million to the hackers to regain control of its systems, while MGM refused to pay the ransom and instead shut down several critical systems, including its electronic key card systems, reservation and booking systems, and even the casino floor. The company has since acknowledged that the direct and indirect costs of the attack would total more than $100 million.
Okta also made headlines for a cyberattack last year.
Are any notable companies impacted this time?
Okta has more than 18,000 customers. One of the companies impacted by the hack was password management company 1Password, which is currently used by more than 100,000 businesses and individuals. 1Password says that it detected suspicious activity on its Okta instance, which is used to manage employee-facing apps. After a “thorough investigation,” 1Password says that it concluded that no user data was accessed.