Okta security incident history - let's learn from others' mishaps
Take action: One incident can happen to anyone. Multiple incidents, especially of a similar kind, indicate a systemic problem. Track incidents at your third-party providers as a metric and be very critical when evaluating them. If you are a third-party provider, be ready for radical and painful changes after an incident, to prevent a repeat of the incident.
On the 20th of October, Okta, one of the largest identity management platforms, reported a security breach in its customer support system. The company clarified that a specific subset of its clients was impacted by this intrusion. Out of Okta's 18,400 clients, roughly 1% (about 184 customers) were informed about the breach.
Given how widely Okta systems are used, any compromise poses a risk to its customers. In this particular instance, multiple very large customers have detected issues that were linked to the incident:
As with any system, there is always a risk of a security incident. Given that Okta provides identity and authentication services to a vast and notable customer base, it is a prime target for attacks.
But this is not the first time Okta has slipped up. In 2022 Okta was impacted by three incidents, one of which is very similar to the latest:
While it's never easy to speak about an organization's security posture as an outsider, four security incidents within the span of two years is a significant metric. Okta hasn't provided any details on security process improvements after the incidents, so it's not clear what controls have been put in place.
There are two key elements to take away from the series of incidents at Okta:
Be sure not to fall into the trap of certificates and compliance - track your suppliers' incidents throughout the year; those are much better indicators than all the certificates anyone can achieve.