The Okta carrier has no longer been breached and remains fully operational. There are no longer any corrective actions that prefer to be taken by our customers.
In January 2022, Okta detected an unsuccessful strive to compromise the fable of a buyer strengthen engineer working for a third-occasion provider. As part of our standard procedures, we alerted the provider to the roar, whereas concurrently terminating the user’s titillating Okta classes and suspending the actual person’s fable. Following those actions, we shared pertinent data (including suspicious IP addresses) to supplement their investigation, which modified into as soon as supported by a third-occasion forensics firm.
Following the completion of the carrier provider’s investigation, we got a account from the forensics firm this week. The account highlighted that there modified into as soon as a five-day window of time between January 16-21, 2022, where an attacker had access to a strengthen engineer’s pc. Here is in keeping with the screenshots that we turned attentive to the day earlier than on the present time.
The doable affect to Okta customers is diminutive to the access that strengthen engineers dangle. These engineers are unable to ticket or delete users, or catch buyer databases. Enhance engineers attain dangle access to diminutive data – as an illustration, Jira tickets and lists of users – that were viewed within the screenshots. Enhance engineers are additionally in a position to facilitate the resetting of passwords and multi-ingredient authentication components for users, nonetheless are unable to ticket those passwords.
We are actively persevering with our investigation, including identifying and contacting those customers that can were impacted. There is no affect to Auth0 customers, and there may be no affect to HIPAA and FedRAMP customers.
We take our accountability to provide protection to and stable our customers’ data very seriously. We are deeply committed to transparency and have to be in contact extra updates when accessible.