
I recently posted a couple of articles about the recent Okta breach, here, and here. I mentioned how their response was completely tone deaf, essentially blaming customers and a specific employee instead of taking responsibility themselves, and also seemingly downplaying the size and magnitude of the breach, almost bragging about how it was just a tiny percentage of customers that were impacted.
From Okta’s security blog post of November 3rd:
Having finalized our investigation, we can confirm that from September 28, 2023 to October 17, 2023, a threat actor gained unauthorized access to files inside Okta’s customer support system associated with 134 Okta customers, or less than 1% of Okta customers.
Well, it turns out that wasn’t entirely accurate. On November 29th, Okta posted a follow-up article, "October Customer Support Security Incident - Update and Recommended Actions", explaining that the threat actor was in fact able to download at least some information about all Okta customers.
Once again they seem to be downplaying the incident, offering even more suggestions for what their customers should do, and saying very little about what Okta itself is doing.
Security incidents are going to happen, but companies as important as Okta need to do a better job with both their internal security and with how they handle these breaches. This is really not a good look for Okta, or for its CSO, David Bradbury.
The Record - Okta security breach affected all customer support system users - https://therecord.media/okta-security-breach-all-support-users
Tech Crunch - Okta admits hackers accessed data on all customers during recent breach - https://techcrunch.com/2023/11/29/okta-admits-hackers-accessed-data-on-all-customers-during-recent-breach/
- https://barnes.tech/blog/ars-technica-okta-writeup/
- https://barnes.tech/blog/okta-suffers-another-breach/
- https://sec.okta.com/articles/2023/11/unauthorized-access-oktas-support-case-management-system-root-cause
- https://sec.okta.com/harfiles
- https://techcrunch.com/2023/11/29/okta-admits-hackers-accessed-data-on-all-customers-during-recent-breach/
- https://therecord.media/okta-security-breach-all-support-users