"Okta Security identified that an employee had signed-in to their personal Google profile on the Chrome browser of their Okta-managed laptop,"
How was this possible, given the nature of the company?
Okta has confirmed details of its October breach, reporting that the incident led to the compromise of files belonging to 134 customers, "or less than 1 percent of Okta customers." Okta's report on the breach confirms much of what was previously known, but provides the first set of solid numbers of those affected, and notes …
Most of these breaches end up being some form of human failing, whatever the reason.
The responses are equally annoying:
Only 1% of customers affected
It was only email addresses
It was data from 5 years ago
It only contained usernames and passwords
No banking information was taken
And so it goes on. There comes a point where there is so much that has been stolen or left open for people to take that we have a massive problem yet nobody gives a stuff. Compute is so cheap and fast now that data matching is easy. It becomes a simple task to collate different exposed data sets to put together a master set that contains enough information to steal identities and all sorts.
You always see "a tiny fraction" or "less than X%" in these PR statements, and it's always not the point. The point is, you sell a security product, you failed to protect your clients, and now every one of your remaining customers has a very legitimate right to question your ability to deliver on what they're paying you for. It doesn't matter if only a single customer was affected, that's still 1 too many when you sell security software and solutions.
And worse than that is the story from a week or two back where Okta went radio silent on one of the customers mid-breach! To me, that's an unforgivable sin for any security company. Any CTO worth their stock options should be conducting a thorough evaluation of all competing products, and even whether they really need an SSO type service such as Okta at all. Well, their staff should be anyway.