Back to Blog
Security Strategy

hCaptcha is not affected by the Okta compromise

March 23, 2022

Share
hCaptcha's review of the January 2022 Okta compromise. There was no impact to hCaptcha services.

On March 22, 2022 we were notified of a compromise of Okta that occurred in January 2022, in which an Okta support team account was compromised. This elevated access was apparently used to reset user accounts, and in combination with spear phishing attacks was used to target employees of other companies in order to compromise their networks.

Background

Okta is one of the larger identity platforms, used to secure authentication and access control by thousands of organizations around the world.

Compromising an identity platform means, in the worst case, that attackers can potentially access any resource secured by that platform at any of its downstream customer companies

Direct impact

We do not use Okta internally, and no hCaptcha production assets are secured with Okta. There was no direct impact to hCaptcha from the Okta compromise.

Indirect Impact

hCaptcha Enterprise is natively supported by Okta for SAML SSO via the Okta OIN. This means some hCaptcha Enterprise customers can log in to manage their services via Okta SSO.

Okta also has native integration of hCaptcha challenges. Okta customers can enable this feature within the Okta login flow, but this interaction path does not appear to be affected by the compromise.

Our job was thus to confirm that no hCaptcha Enterprise customer was affected by their Okta integration.

Verifying hCaptcha Enterprise customers were not affected

After re-confirming none of our systems or teams used Okta, we extended our analysis further by auditing whether any Okta-mediated hCaptcha Enterprise logins showed abnormal activity.

hCaptcha Enterprise customers have rich audit logs available to simplify customer compliance audits, including logins to their Enterprise accounts and all service changes across Enterprise Organizations.

We used this data to run ex post facto trend analysis and anomaly detection on Enterprise activity since January 2022 where Okta was part of the SSO flow.

After manual review of trends and anomalies, no suspicious activity was found on these Okta-mediated logins in the January 01 - March 22 2022 timeframe.

Ongoing monitoring

The hCaptcha SOC will continue elevated monitoring of anomalies on Okta-mediated login accounts, and will reach out to any Enterprise customers immediately upon detection if any suspicious behavior is found in the future.

hCaptcha will also continue to monitor Okta-related news for compromise updates to confirm no further action is required. If needed, we will provide alternate access methods for existing Okta SSO-enabled hCaptcha Enterprise customers in the event this Okta compromise is determined to be of wider scale and scope, or those customers decide to move to an alternate identity platform.

Subscribe to our newsletter

Stay up to date on the latest trends in cyber security. No spam, promise.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Back to blog

Attack Prevention

Passkeys Offer Both Benefits and New Attack Surfaces

Be careful when implementing passkeys. They can offer a more secure alternative to passwords when implemented correctly, but provide many ways for implementers to shoot themselves in the foot.

March 12, 2024

Announcements

As Google raises prices on reCAPTCHA, hCaptcha remains the ROI leader

Google has raised reCAPTCHA prices yet again, nearly eliminating its free tier. hCaptcha delivers higher performance and better ROI with unchanged tiers.

January 30, 2024

Research

Report: Cybercrime Groups choose Black Friday and Cyber Monday to Debut New Attacks

November brings discounts from popular retailers, and for many merchants the 24th to 27th is a substantial percentage of their annual sales. Here are some of the attack trends we saw in 2023.

November 30, 2023