Okta Hack and steps for remediation

The Okta Breach

An Okta support system was compromised through unauthorized access. We give credit where credit is due: BeyondTrust's own tools and Cloudflare, for the discovery.

It has been reported that 175 clients (BeyondTrust and Cloudflare) were breached; another was the company behind the popular 1Password app, though not any database or the like.

We believe in Okta. We have been in business for over 17 years helping businesses and have been an Okta partner for eight years. We are their longest-serving partner by far. Our engineers see and provide strategic support to the most complex companies for deployment.

Do this within your Okta instance, or ask us to help.

What enhancements must be turned on or reviewed if you're a current Okta customer? If you don't know the items below, ask us!

  1. Run a report in Okta for all MFA changes.
  2. Run all password resets company-wide.
  3. Enable hardware MFA, like YubiKey or FIDO devices.

Being Proactive.

  1. Specific reports should be turned on, e.g. New User created.
  2. Have old users been reactivated?
  3. Do the user sessions have the proper authentication associated with them?
  4. Any MFA requests, changes, removals or overrides.
  5. Access to sensitive business applications. Run a report on those business applications.
  6. Does your business have supply chain providers accessing your tenants?
  7. Do you have Workday as a master where you provision external workers and partners? Is this set up correctly, and has this been flushed out with a massive reset?

  1. Tracking Unauthorized Access to Okta’s Support System
  2. Auditing customer support actions in your Okta tenant using System Log
  3. Okta and Splunk Combine to Detect Common Attacks
  4. Exporting Okta Log Data
  5. System Log Queries for Attempted Account Takeover
  6. User Sign-in and Recovery Events in the Okta System Log
  7. Exporting Browser Log Files for Troubleshooting
  8. Defending Against Session Hijacking
  9. Understanding the Risks of Persisting Session Cookies Across Browser Sessions
  10. Guidance for Generating HAR Files
  11. How to Remove Secrets from a .har File
  12. HealthInsight tasks and recommendations
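
One way to produce the reports in the checklists above from exported System Log events, as an added example (not code from this page or from Okta). The `eventType` strings are Okta System Log event types; the `make_event` helper, the category labels and every account and address in `SAMPLE_EVENTS` are constructed for illustration.

```python
from collections import defaultdict

# Okta System Log eventType values mapped to the checklist items on this page.
CHECKS = {
    "user.mfa.factor.activate": "MFA change",
    "user.mfa.factor.deactivate": "MFA change",
    "user.mfa.factor.reset_all": "MFA change",
    "user.account.reset_password": "Password reset",
    "user.lifecycle.create": "New user created",
    "user.lifecycle.reactivate": "Old user reactivated",
    "user.session.impersonation.initiate": "Support access to tenant",
}

def make_event(ts, etype, actor, target=None, ip="198.51.100.7"):
    """Hypothetical helper: build an event with only the System Log fields used below."""
    tgt = [{"type": "User", "alternateId": target}] if target else []
    return {"published": ts, "eventType": etype, "actor": {"alternateId": actor},
            "target": tgt, "client": {"ipAddress": ip}}

# Constructed sample data; every account and address here is made up.
SAMPLE_EVENTS = [
    make_event("2023-10-02T14:03:11Z", "user.session.start", "alice@example.com"),
    make_event("2023-10-02T14:05:40Z", "user.mfa.factor.deactivate", "admin@example.com", "bob@example.com", "203.0.113.9"),
    make_event("2023-10-02T14:06:02Z", "user.mfa.factor.activate", "bob@example.com", "bob@example.com", "203.0.113.9"),
    make_event("2023-10-02T14:09:30Z", "user.lifecycle.reactivate", "admin@example.com", "old.contractor@example.com", "203.0.113.9"),
    make_event("2023-10-02T15:00:00Z", "user.lifecycle.create", "admin@example.com", "svc-new@example.com", "203.0.113.9"),
]

def build_report(events):
    """Group checklist-relevant events by category, flagging changes made by another account."""
    report = defaultdict(list)
    for ev in events:
        label = CHECKS.get(ev.get("eventType"))
        if label is None:
            continue  # not one of the reviewed event types
        actor = (ev.get("actor") or {}).get("alternateId")
        users = [t.get("alternateId") for t in ev.get("target") or [] if t.get("type") == "User"]
        report[label].append({
            "time": ev.get("published"),
            "actor": actor,
            "users": users,
            "ip": (ev.get("client") or {}).get("ipAddress"),
            # True when an account other than the affected user made the change
            "by_other": any(u != actor for u in users),
        })
    return dict(report)

if __name__ == "__main__":
    for label, rows in build_report(SAMPLE_EVENTS).items():
        for r in rows:
            print(label, r["time"], r["actor"], "->", r["users"], r["ip"], "by_other" if r["by_other"] else "")
```

Rows with `by_other` set are the ones to review first: an MFA factor removed or a dormant user reactivated by an account other than the affected user.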

What do our engineers do very well with Okta?

We actively work for the protection and authentication of users for corporate applications. We help customers build secure authentication using Okta efficiently and effectively and quickly accelerate any website or application. We can help you on your journey to a more secure Okta instance and work with you on a zero-trust model.

If you want a secure webpage to onboard and offboard users in Okta with checks and balances, check out our Orchestration Engine.

The Orchestration Engine makes it easy to provision users with cloud services for your business.

Cloud Licensing Providers we handle.

Real-time support for your Okta needs, delivered directly via our Slack channel.

Talk to us

Phone & Hours

(888) 959-2825
Monday-Friday: 9am to 5pm

Address

8117 W. Manchester Ave
Suite 915
Playa Del Rey, CA 90293