Is Nexthink affected by the Okta breach?


Is Nexthink affected by the recent Okta breach?


No, Nexthink is not impacted. Nexthink has received formal confirmation from Okta that it has not been identified as part of the potentially affected customers. While Nexthink relies on Okta for corporate accounts and API management, additional authentication factors are enforced based on third-party technologies, along with posture checks that are required for production environment access.

There is no impact on the Nexthink production cloud environment. Nexthink security team is actively reviewing internal logs and has not detected any abnormal activity.

Nexthink will continue to monitor the situation and provide further updates as they become available.


On 22 March 2022, authentication provider Okta confirmed an attempted compromise of an account related to a third-party customer support engineer, who had been working for one of their sub-processors. The statement from Okta showed several screenshots that had been posted by the Lapsus$ cyber extortion group, which has risen in prominence in recent months. Lapsus$ has targeted several enterprise technology companies, breaching significant amounts of data and posting it on their dedicated Telegram data leak channel.

How is Nexthink protecting its products against breaches like this?

Nexthink applies an in-depth defense strategy, in which multiple controls are thoughtfully layered providing together mitigation against a wide variety of threats. This includes:

  • Multifactor authentication

  • Host posture checks

  • Restricted access to the management plane

  • Continuous monitoring of any suspicious activity

Nexthink has also achieved the ISO 27001, 27017 and 27018 and SOC 2 Type I certifications for the Nexthink Experience cloud platform.

Last updated