How Cloudflare mitigated yet another Okta compromise

On October 18, 2023, Cloudflare experienced a security incident traced back to compromised authentication tokens at Okta. The attacker leveraged the token to access Cloudflare's Okta instance but was swiftly detected and contained by Cloudflare's Security Incident Response Team (SIRT). No customer information or systems were affected due to the rapid response. This is the second time Cloudflare has been impacted by an Okta breach, with the first occurring in March 2022. Recommendations for Okta include taking reports of compromise seriously, providing timely disclosures, and requiring hardware keys for protection. For Okta's customers, enabling hardware MFA, investigating unexpected changes, monitoring suspicious activity, and reviewing session expiration policies are suggested steps to mitigate risks. Cloudflare continues to monitor the situation closely and will provide updates if further information becomes available.