Social engineering attacks continue to target the identity service provider (IdP), Okta. In the latest identity-centric breach, attackers targeted the IdP to exploit its customer’s Okta instances. Watch how a stolen employee’s credentials were used to gain access to the IdP’s support case management system, access HAR files that contain sensitive session tokens, and hijack legitimate sessions of five customers. Once inside, threat actors were able to make system-wide changes such as elevating privileges or disabling MFA.
