More Okta Customers Hacked (www.darkreading.com)
from tym@lemmy.world to technology@lemmy.world on 21 Oct 2023 14:09
https://lemmy.world/post/7118678

#technology

threaded - newest

originalucifer@moist.catsweat.com on 21 Oct 2023 14:22 next collapse

is this one of those 'keeping all your eggs in one basket' kinda things?

tym@lemmy.world on 21 Oct 2023 14:34 next collapse

The irony is that an IdP (identity provider) with SAML-based Single-Sign On is supposed to be another line of defense alongside MFA. It’s like the security company you hired for your gated community hiring ex-cons!

phx@lemmy.ca on 21 Oct 2023 17:04 collapse

Depends on how you’re set up.

If you’re using OKTA for MFA but still have something else as a reliable primary source of authentication, then it’s safer against one or the other being compromised.

If you’re using OKTA’s (or any one provider’s) services for primary login and MFA, then depending on the extent they get compromised, yeah: all eggs, one basket

ubermeisters@lemmy.world on 21 Oct 2023 15:18 next collapse

Same thing happened to the company I work for. It was honestly super interesting and I wish I could dive into it more for you guys. But alas

danc4498@lemmy.world on 21 Oct 2023 15:34 collapse

The customer support case management system is separate from the Okta service itself and the incident only impacted customers with recent support cases, the company’s Chief Security Officer David Bradbury stressed in a blog post on Oct. 20. Impacted customers have been notified, he said.

This sounds super limited, but if past experiences tell me anything, we’re about to find out that every corporation that uses Okta has had their admin accounts compromised.