ExtraHop is aware of the claims of a breach at Okta and is tracking the issue closely. Multi-factor authentication (MFA) is an essential component of ExtraHop’s defense-in-depth strategy. Our teams are continuing to investigate and monitor for any indications of compromise.
We advise all ExtraHop customers who use Okta to monitor their network for unusual activity. In general, we recommend that MFA be paired with network monitoring to detect indicators of compromise (IoCs) associated with authenticated user profiles. When authentication providers are compromised, or when an MFA tool is otherwise exploited to gain access to a network, an attacker may have compromised multiple legitimate user accounts, including privileged accounts. Attackers will use privileged user accounts to mask malicious activity and avoid detection.