I recently posted a couple of articles about the recent Okta breach, here, and here. I mentioned how their response was completely tone deaf, essentially blaming customers and a specific employee instead of taking responsibility for themselves, and also seemingly downplaying the size and magnitude of the breach, almost bragging about how it was just a tiny percentage of customers impacted.
From Okta’s Security Blog Post on November 3rd:
Having finalized our investigation, we can confirm that from September 28, 2023 to October 17, 2023, a threat actor gained unauthorized access to files inside Okta’s customer support system associated with 134 Okta customers, or less than 1% of Okta customers.
Well, it turns out that wasn’t entirely accurate. On November 29th, Okta posted a follow-up article, "October Customer Support Security Incident - Update and Recommended Actions", explaining that the threat actor was in fact able to download at least some information on all Okta customers.
Once again they seem to be downplaying the incident, and giving even more suggestions of what their customers should do, and a whole lot of nothing that Okta is doing.
Security incidents are going to happen, but companies as important as Okta need to do a better job with both their internal security, as well as how they handle these breaches. Really not a good look for Okta, or their CSO David Bradbury.
The Record - Okta security breach affected all customer support system users
Tech Crunch - Okta admits hackers accessed data on all customers during recent breach