
Is Nexthink affected by the Okta Support System breach?

Question

Is Nexthink affected by the October 2023 Okta Support System breach?

Answer 

Nexthink has some minor impacts. Nexthink uses Okta as its Identity Provider. Based on the update from Okta, a threat actor downloaded a report that contained Nexthink user information. Nexthink's systems were not accessed or directly impacted by this breach. There has been no Nexthink customer data exposure or breach.

Background

According to reports from Okta, the threat actor ran and downloaded a report containing the names and email addresses of all Okta customer support system users. The report contained the following fields for each user in Okta’s customer support system:

  • Created Date

  • Last Login

  • Role: Description

  • Full Name

  • Username

  • Phone

  • Email

  • Company Name

  • Mobile

  • User Type

  • Address

  • Time Zone

  • [Date of] Last Password Change or Reset

  • Role: Name

  • SAML Federation ID

The report does not include user passwords or sensitive personal data. The primary contact information recorded in the report is full name and email address.

The Okta Support System breach relates strictly to Nexthink employees' data. There has been no Nexthink customer data exposure or breach.

How is Nexthink protecting its products against breaches like this?

Okta notified Nexthink of the individuals whose information was impacted. There are no impacts to any Nexthink customers.

Nexthink has evaluated the risks and the risk-mitigation suggestions from Okta. These include:

  • Multi-Factor Authentication – Nexthink already enforces MFA for all Nexthink employees.

  • Phishing Awareness – Because email addresses were exposed, there is heightened vigilance around phishing attempts and phishing reports.

  • Configure Authentication Policies (Application Sign-on Policies) – For access to privileged applications, including the Admin Console, require re-authentication “at every sign-in”.

  • New Device and Suspicious Activity – Turn on and test end-user notifications.

  • Authentication Policies – Hardening our authentication policies for our Administrators.

Nexthink applies a defense-in-depth strategy, in which multiple controls are deliberately layered so that together they mitigate a range of threats. This includes:

  • Least Privilege

  • Host posture checks

  • Restricted access to the management plane

  • Continuous monitoring of any suspicious activity

Nexthink has also achieved the ISO 27001, 27017, 27018 and 27701 certifications, as well as SOC 2 Type 2, for the Nexthink Infinity cloud platform.
