Re: tentative: Okta may have been breached since late January

Home Messages Hashtags

Tom Bentley #523 My first thought was that if they had obtained sufficient access to compromise clients they would have kept quiet about it. toggle quoted messageShow quoted text On Mar 22, 2022, at 17:35, JP <jp@...> wrote: Thanks again Royce. I have been watching this on some MSP forums as well, a security vendor posted this yesterday afternoon, I was also kind of waiting to see what this really is once the dust settles. Currently the concern among that community is that our vendors may have been using Okta for authentication and everyone is really gunshy since the Kaseya and Log4J events. So even though I don't personally employ Okta I am asking my vendors if they do. If I find anything I will be sure to reply here. On Mon, Mar 21, 2022 at 10:34 PM Royce Williams <royce.williams@...> wrote: Developing story - take with a grain of salt. If you use Okta, it might be useful for IR resources to start tentative evaluation of applicability to your environment. https://www.reuters.com/article/okta-breach-idUSL2N2VP07B https://twitter.com/vxunderground/status/1506114493067186183 https://twitter.com/BillDemirkapi/status/1506109959230136321 Early speculation is that the threat actor (LAPSUS$) may have lost their foothold, and so decided to "burn" it for the exposure. Royce -- Royce Williams Tech Solvency
More All Messages By This Member

Join nuga@groups.io to automatically receive all group messages.