Okta breach happened after employee logged into personal Google account

Okta has revealed details about a recent breach which exposed files belonging to customers. As Malwarebytes explained in their article about 1Password being a victim of this breach, it’s normal for Okta support to ask customers to upload a file known as an HTTP Archive (HAR) file. Having this file allows the team to troubleshoot issues by replicating what’s going on in the browser. As such, a HAR file can contain sensitive data, including cookies and session tokens, that cybercriminals can use to impersonate valid users.

After 1Password, BeyondTrust, and Cloudflare detected unauthorized log-in attempts to their in-house Okta administrator accounts, they reported the incidents to Okta who started an investigation.

Read more…
Source: Malwarebytes Labs