2022-03-25 Okta, Inc. Cybersecurity Incident

Page last updated on April 11, 2024

Okta, Inc. initially disclosed a cybersecurity incident in an SEC 8-K filing on 2022-03-25 16:05:34 EDT.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date: 2022-01-21
Detected Date:
Disclosure Date: 2022-03-25
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)

Filings

8-K filed on 2022-03-25

Okta, Inc. filed an 8-K at 2022-03-25 16:05:34 EDT
Accession Number: 0001193125-22-085134

Item 8.01 Other Events.

On March 21, 2022, a cybercrime group published a number of screenshots online that were taken from a computer used by a customer support engineer employed by a third-party vendor that supplies customer support services to Okta, Inc. (the “Company”). The Company has determined that the screenshots are related to an incident experienced by the vendor in January 2022. The vendor engaged a leading forensic firm to perform an investigation of the incident and has since advised the Company that the incident is not ongoing and has been remediated.

Based on the findings of the vendor’s forensic firm, in the January 2022 incident, there was a five-day window of time between January 16-21, 2022 when the cybercrime group had access to the vendor environment, which the Company also has validated with its own analysis. The Company has determined that the maximum potential impact is 366 (approximately 2.5% of) customers whose Okta tenant was accessed by the vendor during the five-day window. The potential impact to the Company’s customers is limited to the access that the vendor support engineers have in connection with their role. These support engineers are unable to create or delete users, download customer databases, or access the Company’s source code repositories. Support engineers are able to facilitate the resetting of passwords and multi-factor authentication factors for users, but are unable to obtain those passwords.

The Company’s service is fully operational. The Company does not consider the incident to be material.

The Company continues to investigate the incident and is in ongoing communication with its customers about the incident.

On March 22, 2022 and March 23, 2022, the Company issued blog posts announcing details relating to the foregoing incident, and will continue to post blog updates as warranted.

8-K/A filed on 2022-04-19

Okta, Inc. filed an 8-K/A at 2022-04-19 16:08:25 EDT
Accession Number: 0001193125-22-109427

Item 8.01 Other Events.

This filing amends Item 8.01 of the Current Report on Form 8-K of Okta, Inc. (the “Company”) filed on March 25, 2022 (the “Prior 8-K”).

The Company has concluded its investigation into the January 2022 compromise of its third-party vendor. The Company is now able to conclude that the impact of the incident was significantly less than the maximum potential impact that the Company initially shared in the Prior 8-K. The Company continues to not consider the incident to be material. The final forensic report of the cybersecurity firm the Company engaged concluded that:

- 	The threat actor actively controlled a single workstation used by a third-party vendor's support engineer, with access to Company resources.

- 	Such control lasted for 25 consecutive minutes on January 21, 2022.

- 	During that limited window of time, the threat actor accessed two active customer tenants within the SuperUser application and viewed limited additional information in certain other applications like Slack and Jira that cannot be used to perform actions in Company customer tenants.

- 	The threat actor was unable to successfully perform any configuration changes, multi-factor authentication or password resets, or customer support "impersonation" events.

- 	The threat actor was unable to authenticate directly to any Company accounts. 

Company Information