Securing Your Okta Environment: Insights and Actions After the October Customer Support Security Incident

In light of the recent security incident in October 2023 affecting Okta Customer Support Management System (Okta Help Center), we want to assure our valued customers that their security remains our top priority. We understand the concerns posed by this incident, and we are fully committed to supporting you through every step of the way.

Below is an update from Okta on the recent security incident in October 2023 affecting Okta Customer Support Management System (Okta Help Center). 

October Customer Support Security Incident - Update and Recommended Actions | Okta Security 

As indicated by Okta in the update, the threat actor ran a report in the Okta customer support system on September 28, 2023. The report did not include user credentials or sensitive personal information. There is a possibility that the threat actor may use this information to target customers with social engineering or phishing attacks. 

We strongly recommend that you consider the following actions to prevent the risk of the threat actor: 

1. Review the list of users with admin privileges in Okta. We highly recommend putting a monthly audit of privileged accounts into effect. 
2. Ensure the principle of least privilege for Okta admin accounts by using custom admin roles and resource sets. 
3. Ensure phishing-resistant MFA is enforced for all accounts especially Okta administrator accounts since they are possible targets for social engineering or phishing attacks. 
4. We highly recommend that all users with Okta admin privileges reset their password at the earliest possible. 
5. Monitor Okta logs for anomalous events. Examples would be password changes, MFA resets for admin accounts. 
6. Ensure users who perform password reset and MFA reset functions are made aware of possible social engineering attacks. This is a good time to revisit helpdesk password reset and MFA reset operating procedures, especially for Okta admin accounts.  

We understand the challenges posed by this incident and assure you that Active Cyber is committed to supporting you through this. Our team is on standby to assist with any questions or concerns you may have and to guide you through implementing the required security measures.  

We will also be scheduling webinars and training sessions in the coming weeks to provide further guidance and answer any questions. Please look out for our invitation to join this webinar. 

Your security is our top priority, and we are dedicated to ensuring that your systems remain safe and secure. If you need immediate assistance, please get in touch with your Active Cyber engagement team or info@activecyber.com.

Thank you for your continued trust in Active Cyber.