Okta Security Breach

Published On: December 6, 2023Categories: Cyber Alerts

In early September, your SensCy team shared with you some information and remediation tips regarding security flaws in the Identity and access management company Okta that could lead to social engineering attacks. at the time, the attacks were targeted towards IT services and IT support desks to trick them into resetting multi-factor authentication (MFA) for

high-privileged users, weakening the security around admin accounts.

Okta announced last week that hackers actually accessed and stole data on ALL customers during the breach. The hackers stole credentials to access Okta’s support case management system. While the original number of impacted organizations was around 1%, the new report revealed that the hacker downloaded a file containing data belonging to “all Okta customer support system users.”

Here Okta’s recommendations:

  • Multi-Factor Authentication (MFA): All Okta customers secure admin access using MFA at a minimum, preferably using phishing-resistant authenticators, such as physical security keys.
  • Admin Session Binding: you can now unable an Early Access feature in Okta that requires admins to reauthenticate if their session is reused from an IP address with a different ASN (Autonomous System Number).
  • Admin Session Timeout: Okta is introducing Admin Console timeouts that will be set to a default of 12-hour session duration and a 15-minute idle time.
  • Phishing Awareness: Okta customers should be vigilant of phishing attempts that target their employees and especially wary of social engineering attempts that target their IT Help Desks and related service providers.

 

If you have any questions regarding the data breach, please contact your Cyber Advocate.

Related Posts

  • July 10, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Brief, your SensCy team reviewed Adobe latest release of security updates. We recommend installing those updates immediately if you are using [...]

  • July 9, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Brief, your SensCy team reviewed Microsoft’s latest series of patches released on Tuesday, May 14, 2024. This month Microsoft fixes four [...]

  • June 29, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team is reviewing latest disclosure of vulnerabilities by WordPress. There were 183 vulnerabilities discovered, including 135 WordPress plugin [...]