Posted on 03/22/2022 3:15:33 PM PDT by NohSpinZone
Okta, the $25 billion market cap company that handles logins for more than 100 million users, today confirmed it suffered a breach in January via a third party customer support provider. But for some customers who spoke to Forbes, the disclosure was too late and too scant with information.
Okta’s admittance came after a hacking crew called LAPSUS$, which extorts its targets after stealing their data and often leaks victims’ information in public forums, claimed it had breached the company. LAPSUS$ had previously claimed to have stolen data from major security companies including NVIDIA and Microsoft, leading both to investigate the alleged breaches. The crew posted screenshots showing access to apparent internal Okta systems in an attempt to prove the breach was real.
In a statement on Tuesday, Okta said: “In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor. We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.” The company had not responded to further questions about the severity of the attack.
(Excerpt) Read more at forbes.com ...
Somebody has a data privacy mess on their hands.
Over 100 million somebodies do.
I had not heard of OKTA, but they are in the . . . IDENTITY VERIFICATION business. This failure, and the slow communication and response SHOULD put them out of business.
I think at this point if I were starting up such a business I would use a proprietary OS, possibly built off of legacy OSs (e.g. DEC) and a non TCP/IP network protocol (maybe an updated, more secure version of Banyan VINES). Of course, we are then looking at $1 billion just to turn on the lights.
Banyan Vines. Dang if that’s not the wayback machine!!!
This is much worse than it appears. Trust me, this is the tip of the iceberg.
Okta is Microsoft’s biggest identity competitor. What this represents is unconscionable. If Okta lasts a year, they’ll be half their current size if not smaller.
Lapsus did more than compromise Okta. They got customer data. I can’t understate how bad this is.
Go ahead ...keep using a credit card or register with stores under your own name....I have always used a pay for credit card with a name and info that IS real but not me....I put just enough on it to make a purchase and that’s it...DO NO business with a “CREDIT” card in your name...DeBIT is one thing ...and for those of you afraid to go out at night I would tell you to squirrel away cash .../s
Our health care provider uses Okta to authenticate users when logging in. This is bad news!
Time to change the pw.
The company I retired from last year uses OKTA.
I wonder if the Help Desk has been told that 195,000 users will have to reset their passwords and to expect a few more calls....
So far, I’ve heard nothing from any sites I’m registered with, but that may change. Does OKTA list, anywhere, their client list?
The company I work for uses Okta for all authentication. Hope it isn’t too severe. We use MFA with authorized cellphones, so I don’t know if a data breach could result in unapproved access.
Found it.
I see FedEx, Experian, Advent Health, Dignity Health, TMobile and Adobe logos at the bottom of their site’s homepage.