
Okta Enforces New Security Protocols After Session Hijack Strikes

Bilgesu Erdem
Last updated: 20 November, 2023 - 9:46 am

In a significant security incident, Okta, a leading identity and authentication management provider, disclosed a breach impacting 134 of its customers. The breach, which occurred between September 28 and October 17, 2023, involved unauthorized access to session tokens through HAR files, potentially enabling session hijacking attacks.


Breach Breakdown

An adversary exploited these tokens to compromise the legitimate sessions of five Okta customers, including known entities such as 1Password, BeyondTrust, and Cloudflare. The initial anomaly was reported by 1Password shortly after the breach window opened. Okta’s Chief Security Officer, David Bradbury, acknowledged the breach on October 20, revealing that stolen credentials provided access to Okta’s support case management system.

Root of the Breach

A deeper look into the breach’s mechanics uncovered that a service account within Okta’s customer support system was misused. This account, which had elevated privileges to modify customer support cases, was linked to an employee’s personal Google account. This connection suggests that the employee’s compromised personal account was the likely source of the breach.

Okta’s Response

In reaction to these events, Okta has nullified the affected session tokens and terminated the compromised service account. The company has also blocked the use of personal Google profiles on corporate versions of Chrome, curtailing the ability of employees to access personal accounts on Okta-managed devices.

Strengthened Measures

To further secure its platform against similar threats, Okta has introduced a session token binding feature that prompts administrators for re-authentication when a network change is detected. This feature is available to customers via the Okta admin portal.
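
The idea behind binding a session to the network it was created on can be sketched as follows. This is an added example, not Okta's implementation: the `BoundSessions` class, the /24 and /48 prefix rule for deciding that the network changed, and revoking the session when re-authentication fails are all assumptions made for illustration.

```python
import ipaddress
import secrets

# Assumption for this example: a "network change" means the client address
# left the /24 (IPv4) or /48 (IPv6) it authenticated from.
PREFIX_LEN = {4: 24, 6: 48}

def network_of(ip):
    """Map a client address to the network the session is bound to."""
    addr = ipaddress.ip_address(ip)
    return ipaddress.ip_network(f"{addr}/{PREFIX_LEN[addr.version]}", strict=False)

class BoundSessions:
    """In-memory session store that binds each token to a client network."""

    def __init__(self):
        self._bound = {}  # token -> ip_network recorded at authentication

    def login(self, ip):
        """Issue a fresh token bound to the caller's current network."""
        token = secrets.token_urlsafe(32)
        self._bound[token] = network_of(ip)
        return token

    def check(self, token, ip):
        """Return 'allow', 'reauth' (network changed) or 'deny' (unknown)."""
        network = self._bound.get(token)
        if network is None:
            return "deny"
        # Addresses of another IP version are never inside the bound network.
        return "allow" if ipaddress.ip_address(ip) in network else "reauth"

    def reauthenticate(self, token, ip, credentials_ok):
        """Finish a 'reauth' challenge: rotate the token or revoke it."""
        if self._bound.pop(token, None) is None or not credentials_ok:
            return None  # the old token is gone either way
        return self.login(ip)
```

A token copied out of a HAR file and replayed from another network gets `reauth` instead of `allow`, and without the account's credentials the session is revoked.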

The incident was followed by an unrelated breach of Okta’s healthcare coverage vendor, which exposed sensitive information of thousands of Okta employees. These compounded security challenges have pushed Okta to bolster its defense mechanisms and implement stringent measures to protect against sophisticated cyber threats.

In a broader context, Google has also reported an increase in threat actors leveraging cloud services to conduct malicious activities. One such method involves using Google Calendar as a conduit for command-and-control operations, highlighting the inventive ways adversaries exploit legitimate services to bypass traditional security defenses.

Together, these incidents underscore the ongoing battle between cybersecurity measures and the persistent ingenuity of threat actors. Companies like Okta and Google continue to refine their strategies in response to evolving tactics, emphasizing the need for constant vigilance and proactive defense in the digital security landscape.
