by ChrisArchitect on 10/20/2023, 8:59:39 PM
by candiddevmike on 10/20/2023, 8:45:23 PM
That Solarwinds is still in business and also had another security breach recently should tell you everything you need to know about the real impact of these things in the long term. Okta's stock may be down but it will go back up once collective amnesia sets in.
What would be more interesting is figuring out how you could claim some kind of injury as an Okta customer due to this incident...
by toddmorey on 10/20/2023, 9:03:50 PM
I feel like it will bounce back... this breach was the support case management system, separate from the production Okta service. Still embarrassing for sure, still risk of confidential info exposed, but doesn't seem to impact core infrastructure.
by RexM on 10/20/2023, 8:30:39 PM
Down over 11% on Friday if you just wanted to know how much it dropped.
by vuln on 10/20/2023, 8:45:21 PM
BeyondTrust Discovers Breach of Okta Support Unit
https://www.beyondtrust.com/blog/entry/okta-support-unit-bre...
by 1-6 on 10/20/2023, 8:47:36 PM
Sometimes I wonder if Okta’s 5% layoff in 2023Q1 can leave security holes. The savings from layoffs is certainly not worth a stock plunge.
Edit: Headline needs to desensetionalaze a bit. -11.57% isn’t too bad.
by AtNightWeCode on 10/20/2023, 9:17:30 PM
I wonder what was really achieved when we left basic auth with sessions and moved to web tokens. None of these jwt services handles logouts as far as I know. It is just a more complex way of doing just about the same thing.
by Ashwizard1 on 10/20/2023, 8:49:26 PM
What security tools would have prevented this type of session hijacking attack? Cyberark EPM? Hashicorp Vault/Boundary?
by Unfrozen0688 on 10/20/2023, 8:40:39 PM
Another security breach? I know about the Lactus?(sp) one a few months or years ago
Related earlier:
Hackers Stole Access Tokens from Okta's Support Unit
https://news.ycombinator.com/item?id=37959904