Is Nexthink affected by the Okta Support System breach?
Question
Is Nexthink affected by the October 2023 Okta Support System breach?
Answer
Nexthink is affected only to a minor degree. Nexthink uses Okta as its Identity Provider. Based on the information update from Okta, a threat actor downloaded a report that contained Nexthink user information. Nexthink's systems were not accessed or directly impacted by this breach. There has been no exposure or breach of Nexthink customer data.
Background
According to reports from Okta, the threat actor ran and downloaded a report that contained the names and email addresses of all Okta customer support system users. The threat actor ran a report that contained the following fields for each user in Okta’s customer support system:
Created Date
Last Login
Full Name
Username
Company Name
User Type
[Date of] Last Password Change or Reset
Role: Name
Role: Description
Phone
Mobile
Address
Time Zone
SAML Federation ID
The report does not include user passwords or sensitive personal data. The primary contact information recorded in the report is full name and email address.
The Okta Support System breach concerns only Nexthink employees' data. There has been no exposure or breach of Nexthink customer data.
How is Nexthink protecting its products against breaches like this?
Okta notified Nexthink of the individuals whose information was impacted. There is no impact on any Nexthink customer.
Nexthink has evaluated the risks and suggestions from Okta for risk mitigation. These include:
Multi-Factor Authentication – Nexthink already enforces MFA for all Nexthink employees.
Phishing Awareness – Because email addresses were exposed, there will be heightened vigilance around phishing attempts and phishing reports.
Configure Authentication Policies (Application Sign-on Policies) – For access to privileged applications, including the Admin Console, require re-authentication “at every sign-in”.
New Device and Suspicious Activity – Turn on and test end-user notifications.
Authentication Policies – Hardening our authentication policies for our Administrators.
Nexthink applies a defense-in-depth strategy, in which multiple controls are layered so that together they mitigate a range of threats. These controls include:
Least Privilege
Host posture checks
Restricted access to the management plane
Continuous monitoring of any suspicious activity
Nexthink has also achieved ISO 27001, 27017, 27018 and 27701 certification, as well as SOC 2 Type 2 attestation, for the Nexthink Infinity cloud platform.