this post was submitted on 05 Nov 2023
32 points (97.1% liked)

[email protected] 10 points 1 year ago

In a new blog post on Friday, the identity management company said that from September 28, to October 17, a threat actor “gained unauthorized access to files inside Okta’s customer support system associated with 134 Okta customers.”

Oh, that doesn't seem bad.

“The threat actor was able to use these session tokens to hijack the legitimate Okta sessions of 5 customers,” the company said, noting that three of the customers — password manager 1Password, access management firm BeyondTrust and internet security company Cloudflare — have already come forward with their own reports about what happened.

Wait, each customer individually could be holding millions of passwords. Well, yikes.