Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned.

    • Unaware7013
      link
      fedilink
      201 year ago

      We urge Okta to consider implementing the following best practices, including:

      Take any report of compromise seriously and act immediately to limit damage; in this case Okta was first notified on October 2, 2023 by BeyondTrust but the attacker still had access to their support systems at least until October 18, 2023

      Holy shit, this is absolutely beyond negligent for an authentication platform.

      • @thepianistfroggollum
        link
        English
        41 year ago

        They need to be raked over the coals by the FTC and class actions.

        • @Case
          link
          English
          41 year ago

          And as a former admin for okta (as in admin access within a enterprise) I can also say their implementation can be a pain in the ass, especially if you adopt the system after someone else was fired for, in part, screwing it up.