OKTA Security Breach Puts Question Mark on Reliability and Sufficiency of Identity Access Management Solutions

How can a business prevent an unauthorized or irrelevant entity from accessing its confidential information?

The answer lies in deploying an identity access management solution that enables single sign-on, authorizing access to all required functionalities, while effectively barring irrelevant entities from accessing the organization’s systems, data, and other functions.

But what happens when an identity access management solution, or one of its supporting functions such as customer support management, gets compromised? In the worst-case scenario (which one can hope never materializes), there can be a serious breach of the affected entities' customer data along with disruption in operations.

In October, the well-known identity access management solution provider Okta faced a security lapse that led to a breach of its customers' data. The San Francisco-based identity service provider disclosed that a security breach allowed unknown threat actors to exploit employees' credentials, gaining unauthorized access to its customer support case management system. The company initially reported that the breach had only impacted 1% of 18,400 customers. Later, on November 30, Okta issued an update stating that an expanded investigation had revealed that the data of all of its customers was compromised.

While announcing the security breach, David Bradbury, Okta's chief security officer, reportedly said, "It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted."

Okta further reported that all Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers were affected, excluding customers in the FedRAMP High and DoD IL4 environments. These particular environments reportedly use a distinct support system that was not accessed by the threat actor. Additionally, the report confirmed that the Auth0/CIC support case management system had remained unaffected by the incident.

How Did Okta Security Breach Occur?

According to the statement by David Bradbury, stolen credentials gave the threat actor access to Okta's customer support case management system.

Customer-uploaded HAR files contained sensitive information, including cookies and session tokens, which could have been compromised by malicious actors.

The October update further explained that, in the regular course of business operations, Okta support may request customers to submit an HTTP Archive (HAR) file.

This file facilitates issue troubleshooting by replicating browser activities. It's important to note that HAR files may include sensitive information, such as cookies and session tokens, which could be exploited by malicious entities to impersonate legitimate users. Okta has collaborated with affected customers to conduct investigations and implemented the required measures.
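An added example, not from Okta or the original article: a minimal Python sanitizer that strips cookies, authorization headers, token-like query parameters and message bodies from a HAR 1.2 capture before it is shared with a support team. The parameter-name hints and the sample capture are assumptions constructed for illustration.

```python
import copy
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
REDACTED = "REDACTED"
# Headers whose values carry credentials or session state.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
# Assumption: substrings that mark a query parameter as a secret.
PARAM_HINTS = ("token", "session", "sid", "password", "secret", "code")

def _is_secret_param(name):
    return any(hint in name.lower() for hint in PARAM_HINTS)

def _redact(pairs, is_sensitive):
    """Blank the value of matching HAR name/value records; return the count."""
    hits = [p for p in pairs or [] if is_sensitive(p.get("name", ""))]
    for p in hits:
        p["value"] = REDACTED
    return len(hits)

def _redact_url(url):
    """Rewrite secret query parameters embedded in request.url."""
    parts = urlsplit(url)
    query = [(k, REDACTED if _is_secret_param(k) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def sanitize_har(har):
    """Return (sanitized deep copy, redaction count) for a HAR 1.2 dict."""
    clean, total = copy.deepcopy(har), 0
    for entry in clean.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            total += _redact(msg.get("headers"), lambda n: n.lower() in SENSITIVE_HEADERS)
            total += _redact(msg.get("cookies"), lambda n: True)
        total += _redact(req.get("queryString"), _is_secret_param)
        if "url" in req:
            req["url"] = _redact_url(req["url"])
        # Bodies can echo tokens in any shape, so drop them entirely.
        for body in (req.get("postData"), resp.get("content")):
            if body and body.get("text"):
                body["text"] = REDACTED
                total += 1
    return clean, total

# Constructed sample capture, not data from the incident.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {"method": "GET", "url": "https://app.example.com/home?sessionToken=abc123&tab=1",
                "headers": [{"name": "Cookie", "value": "sid=102xyz"}], "cookies": [{"name": "sid", "value": "102xyz"}],
                "queryString": [{"name": "sessionToken", "value": "abc123"}, {"name": "tab", "value": "1"}]},
    "response": {"status": 200, "headers": [{"name": "Set-Cookie", "value": "sid=103new; HttpOnly"}],
                 "cookies": [{"name": "sid", "value": "103new"}], "content": {"text": "{\"token\":\"t0k\"}"}}}]}}
```

Name-based redaction is a floor, not a guarantee: a token under an unexpected parameter or header name passes through, so sessions captured in a HAR are best invalidated after the capture is shared.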

What Could be the Drawback?

Identity access management companies like Okta offer employee and customer identity authentication services to thousands of small and large businesses including Microsoft's partner OpenAI, Zoom, FedEx, and many others.

Secure access for employees and customers through single sign-on and multifactor authentication provided by identity access management companies is crucial to ensure the secure and smooth running of an organization's operations in the digital sphere. However, making the source of identity access management obvious can allow potential threat actors to use social engineering techniques to gain access to entry points and continue with the breach.

The major drawback is that a security breach that targets the access management vendor in any capacity can have wide-ranging consequences, impacting clients and, in the worst scenarios, even clients of clients.

While Okta's transparency in revealing the damage, nature, and scope of the security breach is appreciated, there is a need to delve deeper into the weak points that make even identity access management systems insufficient. Secure sign-on and multifactor authentication may prove helpful, as there is no way to prevent the stealing of credentials through social engineering techniques.

Businesses must insist on seeing a proper threat assessment model before onboarding the services of identity access management solutions and then obtain assurance on workable strategies to address the loopholes.


To Read More: OpenAI's Identity Partner OKTA's Data Gets Compromised in Security Breach
