Okta, a provider of identity services, announced a new security issue on Friday that allowed unidentified threat actors to access its support case management system using stolen credentials. The business also stated that the compromise had no effect on their Auth0/CIC case management system, and that it has alerted clients who had been affected immediately.
“The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,” stated David Bradbury, Okta’s chief security officer. “It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted.”