Hackers Stole Access Tokens from Okta’s Support Unit (krebsonsecurity.com)
from fart_pickle@lemmy.world to technology@lemmy.world on 20 Oct 2023 20:39
https://lemmy.world/post/7086444

Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned.

#technology

avidamoeba@lemmy.ca on 20 Oct 2023 21:22

These kinds of things don’t look good at all for security companies.

MySNsucks923@lemmy.zip on 21 Oct 2023 00:08

Work forces us to use Okta to do everything. What a pain in the ass.

evanuggetpi@lemmy.nz on 21 Oct 2023 00:25

Cloudflare not impressed: blog.cloudflare.com/how-cloudflare-mitigated-yet-…

Unaware7013@kbin.social on 21 Oct 2023 01:56

> We urge Okta to consider implementing the following best practices, including:
>
> Take any report of compromise seriously and act immediately to limit damage; in this case Okta was first notified on October 2, 2023 by BeyondTrust but the attacker still had access to their support systems at least until October 18, 2023.

Holy shit, this is absolutely beyond negligent for an authentication platform.

thepianistfroggollum@lemmynsfw.com on 21 Oct 2023 03:50

They need to be raked over the coals by the FTC and class actions.

Case@lemmynsfw.com on 21 Oct 2023 05:25

And as a former admin for Okta (as in admin access within an enterprise) I can also say their implementation can be a pain in the ass, especially if you adopt the system after someone else was fired for, in part, screwing it up.