Get Started

OKTA 2022 Breach – Security Warning – Information and Next Steps

OKTA has been hacked by a ransomware group. Follow this guide to check whether your system has been affected.

Act Now - Protect Your Business!

Starting March 22, news began circulating regarding an alleged Okta hack by a ransomware group. We hope that investigation will find this a fraudulent act or a minor impact incident.

On March 24, OKTA announced this hack has directly addressed the affected customers.

Nevertheless, our team still recommends running through the following check to assure your business is safe.

Yet, this article will provide some immediate measures you can take concerning your OKTA identity infrastructure.

From the available evidence, represented by a couple of screenshots from the attacker, timestamped to January 21, 2022, we see internal admin tools.

The privilege is likely obtained through social engineering, targeting an okta IT admin, not a technical nature or system vulnerability.

Until further notice from Okta’s investigation, we recommend taking the following actions:

  1. Investigate the Okta System Log for the following Events, and see if any entry has an Actor that is not an admin in the Okta tenant or is marked as “Okta System“:
  2. eventType eq “user.mfa.factor.deactivate”
  3. eventType eq “user.account.update_password”
  4. Revoke Okta Support access until further notice
  5. [Update, March 24] Check that no new admins were added during the period.

We will continue to update you as Okta provides any more details and their future preventative plans.

For any questions, don’t hesitate to contact us.

contact@accsense.io

 

Credit: Razvan Negri, Okta Consultant.
Identity
Muli Motola

Strategic Digital Identity Cyber Resilience: Securing Mission Critical Asset Backup and Recovery

The news of OKTA’s breach has shone a spotlight on IAM systems’ tremendous value and fragility. Like one domino falling into the next, a system breach at a third-party OKTA support provider can inevitably impact 15,000 organizations using OKTA’s identity and access management services. And the weight of the impact is potentially massive.
Learn how to protect your systems with accSenSe’s Digital Identity Resilience solution.

March 27, 2022
Identity
Muli Motola

Restoring the confidence: How OKTA customers can gain peace of mind

Between the ever-growing fear of being the next victim of a cybercrime and the exponentially growing amount of security services they must consume, Customers are in search of peace of mind. Read on to find out in this technical review how accSenSe can give you this peace of mind.

March 25, 2022

We are accSenSe Team

Digital Identity Resilience is crucial to bouncing back from cyber-attacks quickly, fixing a human error, and managing change. accSenSe will provide strategic value for your IT. Diagnose and remediate posture changes within your IAM system. Get back to business as usual within hours and ensure business loss is kept to a minimum. Low RPO and high granularity, Keeping data retention to a maximum. Handle change and growth safely and securely, avoid misconfiguration.

What's accSense?

Get started — it's free

Threat

In a time where Ransomware attacks and account takeovers are growing fast, Cloud Data is at ever-increasing risk.

Identify

Regain Control over your SaaS systems following a cyber attack.

Data

Cloud apps are dominating the software industry. Companies hold their most valuable data in these apps.

Recover

Recover not only SaaS data but also the SaaS configuration and setup.

Resilience

Cloud vendors are legally unbounded from protecting the cloud data with the shared responsibility model.

Business as Usual

With Adjustable RPO and a low RTO, you can be back in business in no time.
schedule an appointment
Contact Us

Ha'shiezaf st. 4, Raanana 4366411 Israel

Terms of Use
privacy policy
Schedule a Demo