Is Nexthink affected by the Okta Support System breach?

Question

Is Nexthink affected by the October 2023 Okta Support System breach?

Answer

Nexthink has some minor impacts. Nexthink uses Okta as our Identity Provider. Based on the information update from Okta, a report was downloaded by a threat actor that contained Nexthink user information. Our system was not accessed or directly impacted by this breach. There has been no Nexthink customer data exposure or breach.

Background

According to reports from Okta, the threat actor ran and downloaded a report that contained the names and email addresses of all Okta customer support system users. The threat actor ran a report that contained the following fields for each user in Okta’s customer support system:

Created Date	Last Login	Role: Description
Full Name	Username	Phone
Email	Company Name	Mobile
User Type	Address	Time Zone
[Date of] Last Password Change or Reset	Role: Name	SAML Federation ID

Created Date

Last Login

Role: Description

Full Name

Username

Phone

Email

Company Name

Mobile

User Type

Address

Time Zone

[Date of] Last Password Change or Reset

Role: Name

SAML Federation ID

The report does not include user passwords or sensitive personal data. The primary contact information recorded in the report is full name and email address.

Okta Support System breach is related strictly to Nexthink employee's data. There has been no Nexthink customer data exposure or breach.

How is Nexthink protecting its products against breaches like this?

Okta notified Nexthink with the individuals whose information was impacted. There are no impacts to any Nexthink customers.

Nexthink has evaluated the risks and suggestions from Okta for risk mitigation. These include:

Multi-Factor Authentication – Nexthink already enforces MFA for all Nexthink employees.
Phishing Awareness – Due to email addresses being exposed, there will be heightened vigilance around Phishing attempts and reports.
Configure Authentication Policies – (Application Sign-on Policies) for access to privileged applications, including the Admin Console, to require re-authentication “at every sign-in”.
New Device and Suspicious Activity – Turn on and test end-user notifications.
Authentication Policies – Hardening our authentication policies for our Administrators.

Nexthink applies an in-depth defense strategy, in which multiple controls are thoughtfully layered providing together mitigation against various threats. This includes:

Least Privilege
Host posture checks
Restricted access to the management plane
Continuous monitoring of any suspicious activity

Nexthink has also achieved the ISO 27001, 27017, 27018, and 27701 and SOC 2 Type 2 certifications for the Nexthink Infinity cloud platform.

Last updated 16 days ago