It's been a bit over a week since some troublesome photos were posted to Twitter that appeared to show a breach of Okta's administrative portal. In the days since, there have been a number of statements from Okta that leave us... disappointed, to say the least. When you're such a critical part of modern digital infrastructure (and a security product to boot), one would hope that a breach and the remediation process would be handled with diligence and care. That doesn't seem to be the case here.
Join us as we talk about Oofta, our new tagline for the Okta breach.
- Okta "We Made a Mistake" - https://www.bleepingcomputer.com/news/security/okta-we-made-a-mistake-delaying-the-lapsus-hack-disclosure/
- Okta Breach FAQ - https://support.okta.com/help/s/article/Frequently-Asked-Questions-Regarding-January-2022-Compromise?language=en_US
- Mandiant Forensic Report for Okta Breach - https://twitter.com/BillDemirkapi/status/1508527487655067660
- KrebsOnSecurity A Closer Look at the LAPSUS Group - https://krebsonsecurity.com/2022/03/a-closer-look-at-the-lapsus-data-extortion-group/