OKTA has been hacked by a ransomware group. Follow this guide to check whether your system has been affected.

Act Now - Protect Your Business!

Starting March 22, news began circulating regarding an alleged Okta hack by a ransomware group. We hope that investigation will find this a fraudulent act or a minor impact incident.

On March 24, OKTA announced this hack has directly addressed the affected customers.

Nevertheless, our team still recommends running through the following check to assure your business is safe.

Yet, this article will provide some immediate measures you can take concerning your OKTA identity infrastructure.

From the available evidence, represented by a couple of screenshots from the attacker, timestamped to January 21, 2022, we see internal admin tools.

The privilege is likely obtained through social engineering, targeting an okta IT admin, not a technical nature or system vulnerability.

Until further notice from Okta’s investigation, we recommend taking the following actions:

  1. Investigate the Okta System Log for the following Events, and see if any entry has an Actor that is not an admin in the Okta tenant or is marked as “Okta System“:
  2. eventType eq “user.mfa.factor.deactivate”
  3. eventType eq “user.account.update_password”
  4. Revoke Okta Support access until further notice
  5. [Update, March 24] Check that no new admins were added during the period.

We will continue to update you as Okta provides any more details and their future preventative plans.

For any questions, don’t hesitate to contact us.



Credit: Razvan Negri, Okta Consultant.

Muli Motola

How to Recover OKTA

How to Recover OKTA In a world where information has become the currency, Identity and Access Management Security are now the single-point-of-failure for most organizations.

Muli Motola

Strategic Digital Identity Cyber Resilience: Securing Mission Critical Asset Backup and Recovery

The news of OKTA’s breach has shone a spotlight on IAM systems’ tremendous value and fragility. Like one domino falling into the next, a system breach at a third-party OKTA support provider can inevitably impact 15,000 organizations using OKTA’s identity and access management services. And the weight of the impact is potentially massive.
Learn how to protect your systems with accSenSe’s Digital Identity Resilience solution.

Muli Motola

Restoring the confidence: How OKTA customers can gain peace of mind

Between the ever-growing fear of being the next victim of a cybercrime and the exponentially growing amount of security services they must consume, Customers are in search of peace of mind. Read on to find out in this technical review how accSenSe can give you this peace of mind.

We are accSenSe Team

Digital Identity Resilience is crucial to bouncing back from cyber-attacks quickly, fixing a human error, and managing change. accSenSe will provide strategic value for your IT. Diagnose and remediate posture changes within your IAM system. Get back to business as usual within hours and ensure business loss is kept to a minimum. Low RPO and high granularity, Keeping data retention to a maximum. Handle change and growth safely and securely, avoid misconfiguration.


In a time where Ransomware attacks and account takeovers are growing fast, Cloud Data is at ever-increasing risk.


Regain Control over your SaaS systems following a cyber attack.


Cloud apps are dominating the software industry. Companies hold their most valuable data in these apps.


Recover not only SaaS data but also the SaaS configuration and setup.


Cloud vendors are legally unbounded from protecting the cloud data with the shared responsibility model.

Business as Usual

With Adjustable RPO and a low RTO, you can be back in business in no time.