Re: tentative: Okta may have been breached since late January

Tom Bentley

My first thought was that if they had obtained sufficient access to compromise clients they would have kept quiet about it.

On Mar 22, 2022, at 17:35, JP <jp@...> wrote:

Thanks again Royce. 

I have been watching this on some MSP forums as well, a security vendor posted this yesterday afternoon, I was also kind of waiting to see what this really is once the dust settles. Currently the concern among that community is that our vendors may have been using Okta for authentication and everyone is really gunshy since the Kaseya and Log4J events. So even though I don't personally employ Okta I am asking my vendors if they do. If I find anything I will be sure to reply here.

On Mon, Mar 21, 2022 at 10:34 PM Royce Williams <royce.williams@...> wrote:
Developing story - take with a grain of salt. If you use Okta, it might be useful for IR resources to start tentative evaluation of applicability to your environment.

Early speculation is that the threat actor (LAPSUS$) may have lost their foothold, and so decided to "burn" it for the exposure.


Royce Williams
Tech Solvency

Join to automatically receive all group messages.