Sign up to learn more about receiving a complimentary identity security assessment.
Identity Security Insights delivers deep visibility, threat detection, and actionable recommendations to safeguard your entire identity estate. Sign up to request a complimentary assessment of your current identity security posture, including 30 days of continuous monitoring against identity-based threats.
October 2, 2023: Identity Security Insights detected an attacker trying to access an internal Okta admin account with a valid session cookie stolen from Okta support. We then alerted Okta to the breach nearly three weeks before public acknowledgment.
The Okta administrator’s account was protected with FIDO2 authentication, and policies within BeyondTrust’s Okta only allowed access to the admin console from managed devices with Okta Verify installed.
Our own instance of BeyondTrust’s Identity Security Insights, and tailored detections from our security teams, alerted us to several aspects of the intrusion. We immediately disabled the backdoor user account and revoked the attacker’s access before the account could be used and preventing any further actions.
BeyondTrust security experts have produced the following resources on the Okta breach and on how to improve Okta security:
Webinar: A Post Breach Analysis: Okta Support Unit, with BeyondTrust's Marc Maiffret, Chief Technology Officer; James Maude, Director of Research
Podcast: Breached! BeyondTrust Discovers Breach of Okta Support Unit, with BeyondTrust's Marc Maiffret, Chief Technology Officer; James Maude, Director of Research
Blog: Okta Support Unit Breach Update & Security Implications
Blog: BeyondTrust Discovers Breach of Okta Support Unit
Blog: How Securing Your Identity Store Can Help Stop an Identity-Related Breach