As you may have heard, Okta has suffered a breach. Scary – but thankfully it is not as bad as it sounds!
The breach was of the HTTP Archive files, which are used for support tickets/cases and contain tokens and cookies that can be used to impersonate a user login. This breach affects around 1% of Okta customers, and any who were affected have been notified.
If you use Okta, we have already reached out to your MSP if we work with them; however, if we do not and you do use Okta, please contact your MSP to double check that you are not in the effected 1%.
Keep in mind, many of your vendors MAY use Okta, and so we should verify which vendors MIGHT be affected and triage talking to them to make sure they are also not in that 1%. Banks, AP systems, and systems with CPI should be the first ones contacted. We will work through that list with you and for you! Please feel free to schedule time with us to prioritize the list. Otherwise, know we are working down the list ourselves as we see appropriate.
For more information, see Okta's official communication: https://sec.okta.com/harfiles
Please contact Tania Neild with any questions.