Cloudflare’s investigation of the January 2022 Okta compromise

On March 22, 2022, it was reported that Okta had experienced a compromise involving an outside hacker gaining access to an Okta support employee's account in January 2022. Cloudflare, which uses Okta internally for employee identity management but not for customer accounts, conducted a thorough investigation and determined that they were not compromised as a result of the incident. The company took several steps to ensure security, including temporarily suspending access for users who could have been affected, forcing password resets for employees who had reset their password or modified their Multi-Factor Authentication (MFA) since December 1, and reviewing Okta logs for potential suspicious activities. Cloudflare also advises other Okta customers to enable MFA for all user accounts, investigate and respond to any unusual activity related to passwords and MFAs, and maintain additional security layers in case of breaches.