What We Do
How We Do
Get Started
Security advisories

Update: Okta Breach

November 29, 2023 | 2 MINS READ

Speak With A Security Expert Now



Update to the eSentire original advisory on the Okta Security Incident from October 20, 2023.

On November 29th, 2023, Okta released additional information on the October security incident that impacted the company. Okta has confirmed that threat actors were able to download a report containing customer names and email addresses. This impacted all Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers, excluding FedRamp High and DoD IL4 environments. Stolen information has not been observed being used in real-world attacks at this time, but threat actors may employ names and email addresses to perform phishing and other social-engineering type attacks.

Impacted Okta clients are recommended to operate under heightened security awareness, instruct employees on the risks of malicious emails, and enforce the use of Multi-Factor Authentication (MFA) to reduce the impact of compromised credentials.

What we’re doing about it

What you should do about it

Additional information

In the October 2023 attack, threat actors targeted Okta's support case management system, which is separate from the primary Okta service. HAR files, uploaded by customers for troubleshooting, can contain sensitive information, emphasizing the importance of sanitizing such files before sharing.

Impacted System: 

Okta Support Case Management System


[1] https://www.esentire.com/security-advisories/okta-breach
[2] https://sec.okta.com/harfiles
[3] https://www.esentire.com/security-advisories/increase-in-adversary-in-the-middle-phishing-attacks

View Most Recent Advisories