Okta knew about breach in January, kept mum until Lapsus$ post

Identity services provider Okta took two months to reveal a breach at a third-party provider and waited until the data that leaked out was exposed by a group of attackers known as Lapsus$.

By the company’s own telling, that means the data of some 375 companies was affected – 2.5% of a customer base Okta claims is above 15,000.

It’s not a good look for any company in the technology industry to keep silent for so long about a breach.

And it’s much worse when that company is among the top-sellers of identity services.

As iTWire pointed out on Wednesday, similar incidents have happened in the past at the same company.

That such a claim was made by Okta competitor Duo Security does not diminish its significance one bit.

Duo’s co-founder and chief technology officer Jon Oberheide said in a tweet: “Based on past experience, I’d suggest taking Okta’s public assurances on this incident with a grain of salt. Here’s a quick anecdote from a few years ago where Okta played some misleading word-games on the impact of a vulnerability in their service.”

He cited a critical 2018 SAML vulnerability, CERT VU#475445, found by Duo that “allowed user impersonation that impacted quite a few SAML libraries and SSO vendors: OneLogin, Shibboleth, Duo ourselves, and…yes, Okta as well”.

Strangely, the CERT page for this vulnerability listed Okta as not being affected. “As Okta communicated to CERT and to customers, Okta was ‘not affected’ because they patched the vulnerability after we reported it to them. That’s not how things work,” he said.

One has to agree with this reasoning; if a product has a bug, it cannot be described as secure just because that bug is later patched. Unpatched versions of the product remain in circulation, and whoever bought them needs to know their vulnerability status.

It won’t be long before the company’s personnel start doing the rounds to spin its version of events.

It remains to be seen how many American tech outlets will call out the company for this kind of “disclosure”. I’m willing to bet the number won’t be overly large, if it ever rises above zero.
