
image credit: adobe stock
A breach of Okta’s support case management system using a stolen credential allowed attackers to access sensitive files uploaded by the identity security giant’s customers.
The San Francisco-based company said the threat actor could view files uploaded by some customers as part of recent support cases, Okta Chief Security Officer David Bradbury wrote in a blog post Friday. Privileged access management firm BeyondTrust, an Okta client, first raised concerns about a breach Oct. 2 but didn’t receive any notice that a compromise had occurred until Thursday.