How the Okta Customer Support Hack Exposed Sensitive Data and Access Credentials

How the Okta Customer Support Hack Exposed Sensitive Data and Access Credentials

Identity management leader Okta disclosed on October 21 a breach involving its customer support system. The company revealed that when troubleshooting issues with customers, it often would ask for a recording of a web browser session. These are sensitive files, as they include customer cookies and session tokens, which malicious actors accessed using a stolen credential.

As customer support teams regularly handle extremely sensitive information from both internal and external users, the hack of Okta’s customer support system is a good reminder for organizations to ensure all customer support files containing sensitive customer content are governed and protected with comprehensive tracking, controls, and security. When this data is not properly secured and shared over communication channels that can be compromised, it can lead to damaging compliance violations, lawsuits, and harm to individuals.

Some of the risks include:

Personal Customer Data Exposed. Support tickets, live chat transcripts, and emailed content often contain personal information like names, addresses, account details, etc. This data can be leveraged for identity theft or sold on the dark web if not properly encrypted. Proper security is crucial for compliance with regulations like GDPR, CCPA, HIPAA, and others.

Source Code and IP Vulnerable. Development and engineering teams will often share proprietary source code and other intellectual property with support reps to investigate bugs and other issues. This extremely valuable data must be safeguarded from theft and abuse by hackers with granular access controls.

Employee Credentials at Risk. Usernames, passwords, API keys, tokens, and other credentials are frequently shared over customer support channels for troubleshooting purposes. Multi-factor authentication provides an important layer of protection against attackers hijacking these credentials.

Sensitive Internal Data Exposed. HR records, financial documents, customer lists, strategic plans, and more are commonly handled by support reps. This sensitive internal data can lead to lawsuits and competitive harm if improperly secured and breached.

System Access Leads to Breaches. As shown in recent breaches, access credentials like session cookies and API keys extracted from support files can allow criminals to easily impersonate users and break into confidential systems. Encryption is essential.

How Hackers Gained Access to Okta’s Support Portal

Based on details from cybersecurity researchers, the hackers were able to obtain the login credentials for an Okta customer support account through a previously undisclosed breach. With access to this compromised account, the criminals could directly log into Okta’s online customer support portal and view support tickets and files uploaded by Okta’s clients. It is important to note here that the compromised support management system is separate from Okta’s production service that is fully operational and was not impacted by the customer support system breach.

The main way the hackers extracted sensitive customer information from Okta’s customer support system was by downloading HTTP archive (HAR) files attached to support cases.

HAR files are essentially recordings of browser sessions that are often shared with support reps to replicate and troubleshoot technical issues. These files can contain extremely sensitive information, including:

  • Authentication cookies
  • API keys and access tokens
  • Usernames and passwords
  • PII like names, addresses, etc.
  • Proprietary application code
  • Strategic documents and communications

With access to customer HAR files, the bad actors obtained active session cookies, API keys, and other credentials. They then were able to impersonate real users and gain access to confidential systems and data from Okta’s clients.

How the Okta Breach Was Discovered

The breach was originally reported by BeyondTrust on October 2. The incident began when BeyondTrust detected an attack trying to access an in-house Okta administrator account trying to use a valid stolen session cookie. BeyondTrust detected the attackers hijacking an active user session from a support HAR file to attempt to create backdoor administrative access to their Okta portal. Another impacted customer, Cloudflare, found that the hackers used stolen API keys from an employee’s HAR file to improperly access some of its systems.

The breach of the Okta customer support system highlights the growing risk of supply chain cyberattacks and why supply chain attacks have become a prime vector for cybercriminals. IBM’s 2023 Cost of a Data Breach Report found that 12% of data breaches in the prior year involved the software supply chain. At the same time, 15% of breaches involved third-party business partners, with business partner breaches incurring almost 12% higher cost than the average data breach.

Why are these data breaches worse? Suppliers and vendors frequently have broad access privileges to customer networks, data, and applications. This makes them an attractive stepping-stone for hackers to infiltrate target organizations. Once inside a vendor or supplier’s systems, attackers can leverage trusted access pathways to easily move laterally and quietly compromise downstream customers. Since this access originates from a legitimate third party, it can more easily evade security controls. In addition, with software supply chain attacks, malicious actors can gain access to hundreds or even thousands of company systems and data.

Okta Customer Support Breach

Why Modern Support Platforms Must Be Secured

This breach highlights the immense risks involved with customer support systems in 2023. Modern customer support teams handle incredibly sensitive information from both internal and external users. Just some of the risks include:

Personal Customer Data Exposed

Support tickets, live chat transcripts, and emailed content often contain personal information like names, addresses, account details, etc. This data can be leveraged for identity theft or sold on the dark web. Proper encryption is crucial for compliance with regulations like GDPR, CCPA, HIPAA, and others.

Source Code and IP Vulnerable

Development and engineering teams will often share proprietary source code and other intellectual property with support reps to investigate bugs and other issues. This extremely valuable data must be safeguarded from theft and abuse by hackers.

Employee Credentials at Risk

Usernames, passwords, API keys, tokens, and other credentials are frequently shared over customer support channels for troubleshooting purposes. Attackers can leverage these to gain access to internal corporate systems and data. Multi-factor authentication provides an extra layer of protection to mitigate stolen credentials.

Sensitive Internal Data Exposed

HR records, financial documents, customer lists, strategic plans, and more are commonly handled by support reps. This sensitive internal data can lead to compliance violations, lawsuits, and competitive harm if improperly secured and breached.

System Credentials Open Doors

As shown in this Okta breach, access credentials like session cookies and API keys extracted from support files can allow criminals to easily impersonate users and break into confidential systems. Encryption of this data is essential.

Essential Security Capabilities for Customer Support

To prevent breaches involving customer support systems, organizations need solutions that incorporate:

Complete Content Encryption

All content transmitted and stored within customer support platforms should be encrypted end-to-end using strong standards like AES-256. This provides a critical safety net if systems are compromised by attackers.

Granular Access Controls

Fine-grained access controls on content allow companies to enforce least-privilege access on a need-to-know basis. This limits damage in the event employee credentials are stolen.

Comprehensive Activity Logging

Detailed logs recording all access, sharing, downloads, deletions, etc., on customer support platforms are essential for detecting misuse and fulfilling compliance reporting requirements.

Native App Integrations

Seamless integrations with commonly used tools like email, Salesforce, Slack, Zendesk, and others enable secure content workflows without changing user processes. Bolt-on tools lead to risky workarounds.

Valid Compliance Certifications

Up-to-date audits like SOC 2, ISO 27001, FedRAMP, and HIPAA demonstrate that platforms meet rigorous security standards for handling sensitive data.

How Kiteworks Secures Sensitive Customer Support Content

Kiteworks offers a purpose-built content communications platform engineered to provide stringent security controls tailored for modern customer support teams. Following are some of the core capabilities:

Best-in-Class Encryption Safeguards Data

Kiteworks leverages industry-leading AES-256-bit encryption to secure customer support communications both in transit and at rest. This military-grade encryption essentially renders breached content useless and unreadable to unauthorized parties. Kiteworks manages encryption keys in a highly secure proprietary manner. All encryption operations are handled entirely on the customer’s own infrastructure for optimal security.

Granular Access Policies Limit Data Exposure

Kiteworks enables admins to configure contextual access policies based on user roles, content attributes, and other variables. This allows precise restrictions on access to confidential data based on the principle of least privilege. For example, policies can restrict which support reps can view certain types of sensitive customer information or internal documents based on their jurisdiction, clearance level, case type, and other factors. This minimizes damage if credentials are compromised.

Comprehensive Activity Audit Logs Detect Threats

Kiteworks automatically logs all user, content, and system activity within the platform, creating full audit logs. This empowers organizations to monitor access to sensitive communications and fulfill compliance reporting requirements. Audit logs record sensitive operations like content uploads, downloads, deletions, policy changes, logins, and permission changes. Alerts automatically flag suspicious activity for investigation.

Tight Integration With Existing Systems

The Kiteworks platform has deep integration with Salesforce Service Cloud and other enterprise applications. This allows seamless customer support workflows without disruption. Support reps can efficiently share communications directly within familiar tools without risky manual workarounds like downloading and re-uploading sensitive content that can expose data.

Rigorously Audited for Security Compliance

Kiteworks maintains rigorous third-party audits and certifications including FedRAMP, IRAP, SOC 2 Type II, HIPAA, ISO 27001, and PCI DSS to validate its security posture. Customers can verify Kiteworks meets extensive controls for protecting sensitive data. Compliance reports provide transparency into relevant security policies, procedures, and controls. Customers can provide these reports to auditors, regulators, and partners to demonstrate rigorous data safeguards.

Modern Customer Support for Sensitive Data Communications

The Okta breach provides a sobering reminder of the immense risks customer support platforms create when handling highly confidential customer data, source code, credentials, and other sensitive information. Modern solutions like Kiteworks’ are purpose-built to lock down these channels from unauthorized access by providing military-grade encryption, granular access controls, activity monitoring, security certifications, and private on-premises infrastructure. By leveraging these technologies, companies can securely equip customer support teams with the tools they need to provide great service without exposing troves of sensitive data.

To see the Kiteworks platform in action, schedule a custom-tailored demo today.

Additional Resources

 

Get started.

It’s easy to start ensuring regulatory compliance and effectively managing risk with Kiteworks. Join the thousands of organizations who feel confident in their content communications platform today. Select an option below.

Lancez-vous.

Avec Kiteworks, se mettre en conformité règlementaire et bien gérer les risques devient un jeu d’enfant. Rejoignez dès maintenant les milliers de professionnels qui ont confiance en leur plateforme de communication de contenu. Cliquez sur une des options ci-dessous.

Jetzt loslegen.

Mit Kiteworks ist es einfach, die Einhaltung von Vorschriften zu gewährleisten und Risiken effektiv zu managen. Schließen Sie sich den Tausenden von Unternehmen an, die sich schon heute auf ihre Content-Kommunikationsplattform verlassen können. Wählen Sie unten eine Option.

Comienza ahora.

Es fácil empezar a asegurar el cumplimiento normativo y gestionar los riesgos de manera efectiva con Kiteworks. Únete a las miles de organizaciones que confían en su plataforma de comunicación de contenidos hoy mismo. Selecciona una opción a continuación.

Table of Content
Share
Tweet
Share
Explore Kiteworks