Okta Screws Up (Yet Again) — ALL Customers’ Data Hacked, not just 1%
2023-11-30 01:14:49 Author: securityboulevard.com

Last month’s sheer incompetence descends this week into utter farce.

Okta admits it royally screwed up investigating last month’s hack. Seems it missed roughly 99% of the data exfiltrated by the perps. Last month, we learned the customer discovering the hack was basically ignored for two weeks—despite contacting Okta several times. And this is the fifth such hack in under two years!

No explanation. No apology. In today’s SB Blogwatch, we wonder why anyone’s still using Okta.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: HT&E in pieces.

You Had One Job

What’s the craic? Graham Starr reports—“Okta Says Hackers Stole Data for All Customer Support Users”:

Shares plunged
Okta Inc., … which manages user authentication services for thousands of institutions, notified customers … it has now determined the hackers downloaded a report containing data including names and email addresses for all clients. [That’s] far greater than the 1% of customers the company previously said were affected.

Okta said in the customer notice that a recent audit found more data was stolen than the company initially thought, prompting the firm to revise its findings. It also discovered that some Okta employee information was included. … Shares plunged as much as 10% … in premarket trading.

Good grief. Carly Page turns to, “Okta admits”:

Oktapus
Okta confirmed in October that a hacker used a stolen credential to access its support case management system and steal customer-uploaded session tokens that could be used to break into the networks of Okta customers. … The company has since determined that all of its customers are affected. … Spokesperson Cat Schermann would not provide an exact figure … but Okta has around 18,000 customers, according to the company’s website, including 1Password, Cloudflare, OpenAI, and T-Mobile.

The identity of the threat actors behind the most recent breach of Okta’s systems is not yet known. [But] the notorious Scattered Spider hacking group, also known as Oktapus, has previously leveraged various social engineering tactics to target the accounts of Okta customers, including Caesars Entertainment and MGM Resorts.

Horse’s mouth? Okta’s CSO, David Bradbury has this “Update”:

Discrepancy
We have determined that the threat actor ran and downloaded a report that contained the names and email addresses of all Okta customer support system users. … The threat actor may use this information to target Okta customers via phishing or social engineering.

The discrepancy in our initial analysis stems from the threat actor running an unfiltered view of the report. … We also identified additional reports and support cases that the threat actor accessed, which contain contact information of all Okta certified users and some Okta Customer Identity Cloud (CIC) customer contacts, and other information. Some Okta employee information was also included.

ELI5? Thomas Ricker explains like we’re five—“Oops-an-Okta-daisy”:

The identity management company now says that a report containing every support customer’s name and email address was stolen in a hack from two months ago. … Not a good look for Okta, which is entrusted with securing thousands of major companies worldwide.

LOL wut? wutwutwat agrees, thrice:

At this point it might be time to stop using the service handling your company’s auth, which is supposed to be the most secure link in the chain yet is being hacked every quarter.

All customers? IWantMoreSpamPlease tunes in to one of Okta’s “interesting” claims:

“Customers in government or … defense environments were not impacted.” … They’ve already lied about the scope, wanna bet they are still lying about this as well?

Surely you still trust Okta? MMarsh doesn’t:

Yup. I’d have a hard time trusting Okta after this—at least with the current chief security officer in the chair.

You don’t issue statements that are, “Like, so, we guess the hacker got in this way, man, but we don’t really have enough evidence to know,” when your entire freaking business is about access control and authentication. You’re literally claiming to be a leading global authority in this field.

Is that entirely fair, though? A slightly sweary u/patrickoh37 lets rip:

How in the ever-living **** does Okta seem to have incidents like this on a regular basis? It’s baffling anyone trusts them at this point.

There comes a point when blaming the victim is reasonable. Here’s lost_tourist:

It’s one thing if it happens once. But if it happens more than that in a relatively short amount of time, … it becomes your fault you got hacked … for not switching providers of the service.

Meanwhile, u/HalfBakedBlackBean’s glass is half full:

The good thing is there’s nothing much left to be stolen, given that all customer support users were impacted already.

And Finally:

Deconstructing an underrated Beatles’ tune

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi, @richij or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: gnuckx select1 (cc:by; leveled and cropped)

Source: https://securityboulevard.com/2023/11/okta-again-hacked-richixbw/