Am I surprised? No. I'm literally giggling like a dork #HackedAllTheDatas #OktaHack
#Okta is blaming the recent hack of its support system on an employee who logged into a personal #Google account on a company-managed laptop
https://www.cyberkendra.com/2023/11/okta-says-134-customers-impacted-by.html
Shame on you, @arstechnica ... You clearly worded the title of this clickbait article to make it seem as if Okta was breached again, when in fact that isn't true at all here.
The BS title: "Okta hit by another breach, this one stealing employee data from 3rd-party vendor"
Titling it "Okta hit by another breach..." is misleading, when the reality is Rightway was the one "hit by a breach"... Okta was indirectly impacted by the breach, and in a way that affects nobody but their employees.
You knew this wasn't appropriate wording for the title, but you chose to capitalize on current events for clicks.
Okta wasn't even the only Rightway customer affected by the breach, so where's your article for every other company "hit by a breach" they had nothing to do with?
Throwing shade, you wrote:
"Okta learned of the compromise and data theft on October 12 and didn’t disclose it until Thursday, exactly three weeks later."
This 3rd party breach only affected Okta employees -- who else do they owe a disclosure to? This only affects them! IMHO, the only one that owes anyone a disclosure here is Rightway.
I am as big a critic of Okta's breach history as anyone, but needlessly kicking them while they're down feels unethical. Do better.
Edited: to reflect the entire title, which is only 50% clickbait BS.
https://arstechnica.com/security/2023/11/okta-hit-by-another-breach-this-one-stealing-employee-data-from-3rd-party-vendor/ #okta #OktaHack
Just got an email from Okta with a ton more details about their investigation of the breach. For some strange reason, they've marked the email as "confidential" and not to be shared until they post the information publicly on their blog "the morning of November 3 (Pacific Time)" so I guess I will respect that -- but it's odd.
The email contains what the original notification should have, but I guess better late than never.
There is only slightly more new information in this notification that is not already publicly known, but greater detail into the timeline.
They do also speak vaguely about the initial attack vector, which was previously undisclosed, but they leave a lot of questions unanswered about it. #okta #OktaHack