Beyond Identity Was Not Impacted by the Recent Okta Security Incident

Written By
Wes Hines, Lead Security Engineer
Published On
Oct 26, 2023

Most of you have already heard the news of another Okta breach disclosed this past week.

In line with our promise to protect our customers, while we did not receive a breach notification from Okta, we conducted a thorough investigation to ensure we were not impacted. Using an extensive review of logs and our Security Insights and Risk Analytics events, we conclusively determined that our environment was not compromised and no Beyond Identity customers were impacted.

Okta has disclosed that breaches in customer environments are linked to HTTP Archive (HAR) files, which are occasionally gathered for support cases and can contain unsanitized cookies, leaving them vulnerable to adversarial hijacking. Although Okta suggests sanitizing any credentials and cookies/session tokens within HAR files prior to sharing, they fall short of offering any concrete methods for doing so. 

To close this security gap for our customers, Beyond Identity has developed a tool designed to sanitize HAR files. This tool has been released as open-source and is officially distributed and supported by Beyond Identity, providing a clear and tangible solution for the issue at hand.
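To show where session material sits inside a HAR capture, here is an added sketch of a sanitizer; it is not Beyond Identity's tool and not code from this post. The header and parameter name lists, the `REDACTED` marker and the sample capture are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Header and parameter names treated as secret-bearing (assumed list; extend it).
SECRET_HEADERS = {"cookie", "set-cookie", "authorization", "x-csrf-token"}
SECRET_PARAMS = {"token", "access_token", "id_token", "code", "password"}
MASK = "REDACTED"

def _mask(pairs, names=None):
    """Mask name/value pairs whose name is in names (all pairs if names is None)."""
    hits = [p for p in pairs or [] if names is None or p.get("name", "").lower() in names]
    for p in hits:
        p["value"] = MASK
    return len(hits)

def _mask_url(url):
    """Mask secret query parameters that are duplicated inside the request URL."""
    parts = urlsplit(url)
    query = [(k, MASK if k.lower() in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def sanitize_har(har):
    """Redact a parsed HAR 1.2 document in place; return how many fields changed."""
    n = 0
    for entry in har.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            n += _mask(msg.get("cookies"))                  # parsed cookie objects
            n += _mask(msg.get("headers"), SECRET_HEADERS)  # raw header copies
        n += _mask(req.get("queryString"), SECRET_PARAMS)
        req["url"] = _mask_url(req.get("url", ""))
        # Bodies can repeat tokens (form posts, JSON, SAML), so drop them whole.
        for body in (req.get("postData"), resp.get("content")):
            if body and body.get("text"):
                body["text"] = MASK
                n += 1
    return n

# Constructed sample: one entry of a fictional session capture.
SAMPLE = {"log": {"version": "1.2", "entries": [{
    "request": {"method": "GET", "url": "https://idp.example.com/app?token=abc123&page=2",
        "headers": [{"name": "Cookie", "value": "sid=SECRET-SESSION"}],
        "cookies": [{"name": "sid", "value": "SECRET-SESSION"}],
        "queryString": [{"name": "token", "value": "abc123"}, {"name": "page", "value": "2"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=NEW-SECRET; HttpOnly"}],
        "cookies": [{"name": "sid", "value": "NEW-SECRET"}],
        "content": {"mimeType": "text/html", "text": "<html>hi</html>"}}}]}}
if __name__ == "__main__":
    print(sanitize_har(SAMPLE), "fields redacted")
```

The same cookie appears in three places per exchange (the `Cookie`/`Set-Cookie` header, the parsed `cookies` array, and possibly a body), so a sanitizer that clears only one of them still leaks the session.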

As a security company addressing identity problems, we value the trust you place in us and are committed to upholding the highest standards of security and transparency. This breach serves as a reminder of the critical importance of phishing-resistant authentication, hardware-backed credentials, and device trust across all employees, contractors, and partners. We strongly advise our Okta customers to evaluate their environments and ensure that any accounts or groups not protected by Beyond Identity have adequate compensatory protections.

Should you have any concerns or questions regarding this matter, please do not hesitate to contact our support team at support@beyondidentity.com.
