Oct. 22, 2023, 5:06 p.m. | /u/mandos_io

cybersecurity www.reddit.com

[Okta Breached via Stolen Access Tokens from Support Unit](https://krebsonsecurity.com/2023/10/hackers-stole-access-tokens-from-oktas-support-unit/?ref=blog.mandos.io)
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

- **Credential Abuse and Data Exposure**: Hackers exploited a stolen credential to access Okta's support case management system. They viewed HAR (HTTP Archive) files containing sensitive cookies and session tokens. These tokens could be used for impersonation attacks, posing a significant risk to Okta's client base.
- **Third-Party Impact and Containment**: Cloudflare detected unauthorized access to their Okta instance, originating from a compromised token at Okta. They used their Zero …
