The recent breach of the Okta Support system was carried out via a compromised service account with permissions to view and update customer support cases. “During our investigation into suspicious use of this account, Okta Security identified that an employee had signed-in to their personal Google profile on the Chrome browser of their Okta-managed laptop. The username and password of the service account had been saved into the employee’s personal Google account,” David Bradbury, Chief …

The post Okta breach post mortem reveals weaknesses exploited by attackers appeared first on Help Net Security.