Reply to post: Okta's comms have been laughable

Okta now says: Lapsus$ may in fact have accessed customer info

Ben Tasker

Okta's comms have been laughable

Compromises happen, even to authentication providers.

What doesn't instill trust though, has been Oktas communication about the issue.

They've gone from "no, it's just something that happened months ago that we never mentioned" to "yeah, it was months ago, and it turns out they accessed some customer data, we're making contact"

Forensic investigations take time, it's not Okta's fault they only got the report back recently, but they should have been proactively contacting customers *in january*.

They're a gateway to a myriad of other systems, there's absolutely no excuse for having left those systems at risk despite knowing that a "limited" compromise of their own systems had occurred.

All they needed to say was

"Dear customer, we've detected a possible security incident with a third party supplier, we're investigating, but please consider whether you wish to reset access credentials"

Instead they kept quiet and let their customers shoulder the risk.

Not exactly a ringing endorsement for a provider that's supposed to be part of your first line of defence

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon