
For context, this is apparently a regular part of Okta's customer support process [0][1], not something Cloudflare just decided to do on their own. It's the kind of obscure process that would be hard to catch by enumerating specific rules like "don't upload HAR files to customer support even if they ask for them", and it's a technical enough process that you wouldn't expect any random employee to realize that a HAR file contains the keys to the kingdom (much less why that even matters when you're dealing with customer support for your authentication provider who seems to already have the keys).

I think it's pretty fair for Cloudflare to place this in Okta's court. Okta customer support knew what they were asking for and should have had greater controls in place for dealing with those files safely.

> Okta explained that when it is troubleshooting issues with customers it will often ask for a recording of a Web browser session (a.k.a. an HTTP Archive or HAR file). These are sensitive files because in this case they include the customer’s cookies and session tokens, which intruders can then use to impersonate valid users. [2]

[0] Old content: http://web.archive.org/web/20230207011818/https://help.okta....

[1] New content with updated warning: https://help.okta.com/oag/en-us/content/topics/access-gatewa...

[2] https://krebsonsecurity.com/2023/10/hackers-stole-access-tok...
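A HAR file is just JSON in the HAR 1.2 layout (`log.entries[].request` / `response`, each with `headers` and `cookies` arrays), so the "keys to the kingdom" the comment refers to are plain-text `Cookie`, `Set-Cookie` and `Authorization` values sitting in that structure. The following is an added example, not code from the commenter, Okta or Cloudflare: a pre-upload check that lists every credential-bearing field in a HAR, and a scrubber that redacts them. The sample HAR, the host `example.okta.test`, the cookie names and the set of header names treated as sensitive are all constructed for the example.

```python
import copy
import json

# Header names (compared case-insensitively) whose values carry credentials or
# session state. This list is an assumption for the example; extend it for
# whatever your own applications use (e.g. custom X-*-Token headers).
SENSITIVE_HEADERS = {
    "cookie", "set-cookie", "authorization", "proxy-authorization", "x-api-key",
}
REDACTED = "[REDACTED]"

# Constructed sample HAR (not a real capture): one request to a fictitious host.
SAMPLE_HAR = {
    "log": {
        "version": "1.2",
        "creator": {"name": "example", "version": "0"},
        "entries": [
            {
                "request": {
                    "method": "GET",
                    "url": "https://example.okta.test/app/dashboard",
                    "headers": [
                        {"name": "Host", "value": "example.okta.test"},
                        {"name": "Cookie", "value": "sid=abc123; session_token=xyz"},
                        {"name": "Authorization", "value": "Bearer eyJhbGciOi..."},
                    ],
                    "cookies": [
                        {"name": "sid", "value": "abc123"},
                        {"name": "session_token", "value": "xyz"},
                    ],
                },
                "response": {
                    "status": 200,
                    "headers": [
                        {"name": "Content-Type", "value": "text/html"},
                        {"name": "Set-Cookie", "value": "sid=def456; Secure; HttpOnly"},
                    ],
                    "cookies": [{"name": "sid", "value": "def456"}],
                    "content": {"size": 0, "mimeType": "text/html", "text": ""},
                },
            }
        ],
    }
}


def find_secrets(har):
    """List (entry_index, location, name) for every unredacted credential field.

    Run this before handing a HAR to anyone; a non-empty result means the file
    still contains cookies or tokens that could be replayed against the site.
    """
    findings = []
    for i, entry in enumerate(har["log"]["entries"]):
        for side in ("request", "response"):
            msg = entry.get(side, {})
            for h in msg.get("headers", []):
                if h.get("name", "").lower() in SENSITIVE_HEADERS and h.get("value") != REDACTED:
                    findings.append((i, f"{side}.headers", h["name"]))
            for c in msg.get("cookies", []):
                if c.get("value") != REDACTED:
                    findings.append((i, f"{side}.cookies", c.get("name", "")))
    return findings


def scrub_har(har):
    """Return a deep copy of `har` with sensitive header and cookie values redacted.

    Header names and the rest of the request/response are kept so the file is
    still useful for troubleshooting; only the credential values are removed.
    """
    clean = copy.deepcopy(har)
    for entry in clean["log"]["entries"]:
        for side in ("request", "response"):
            msg = entry.get(side, {})
            for h in msg.get("headers", []):
                if h.get("name", "").lower() in SENSITIVE_HEADERS:
                    h["value"] = REDACTED
            for c in msg.get("cookies", []):
                if "value" in c:
                    c["value"] = REDACTED
    return clean


def scrub_har_text(text):
    """Sanitize a HAR given as JSON text (e.g. the contents of a .har file)."""
    return json.dumps(scrub_har(json.loads(text)), indent=2)


if __name__ == "__main__":
    print("Credential fields before scrubbing:", find_secrets(SAMPLE_HAR))
    cleaned = scrub_har(SAMPLE_HAR)
    print("Credential fields after scrubbing:", find_secrets(cleaned))
```

The scrubber deliberately leaves header names and cookie names in place, since those are usually what a support engineer needs to see, and only replaces values. Note that it does not touch request bodies or query strings, so a login POST with a password in `postData`, or a token passed as a URL parameter, would survive; if your traffic carries secrets there, extend the scrubber accordingly and re-run `find_secrets` as the gate before upload.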


