- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
Okta hackers stole data on all customer support users, company says::The hack was worse than initially believed, with every client having some data stolen in the breach, the cybersecurity company warned.
I look like a hero at work these days. I recommended against Okta as an oauth provider a few weeks before the this and the MGM hacks.
Okta is the defacto sso provider these days. All products are built for it, which is bad because we saw how well they handle security in the last few weeks.
Everything has gone OAuth and Okta is heavily involved in the OAuth working group. They’re really intertwined.
Azure AD, ok, Entra ID would like a word.
What were your reasons and arguments?
Mainly money but I also expressed nervousness about their AD bridge which, it turns out, is where the privilege execution happened in the MGM hack.
I’d argue a lot of these articles are missing the bigger point here. Okta appears to have gaslit their customer base.
Coming forward with a substantially worse finding than the initial one in October is not good. This probably means someone wanted to rush out the memo that “fewer than 1%” of customers were impacted without diligence in their investigation. This is worsened by the fact that they had a breach near the start of this year.
Best case, this was a process failure when analyzing the impact of the breach. While process failures can be fixed, this erodes trust and calls into question how they missed this information.
Worst case, though? The initial set of findings was a cheap attempt at trying to save face and sweep the news under the rug, but they were caught when they could no longer plausibly say “less than 1% of customers” were affected. This feels like a lie. A lie about anything related to security destroys trust quickly.
Going forward, I think there will be a lot of skepticism around Okta’s investigations of their breaches and the trust lost will be very difficult to regain.
deleted by creator
KeePass is a password manager, Okta is a single sign on provider. They are not the same
deleted by creator
Vendor
deleted by creator
1Pass hired them to do services, is that I assume when I hear a business relationship described as “vendor”