Okta breach


Doesn’t look good for Okta (down 10% before market)

Interesting comments from Cloudflare CEO on a conversation on Twitter:

Matthew Prince:

“We are resetting the @Okta credentials of any employees who’ve changed their passwords in the last 4 months, out of abundance of caution. We’ve confirmed no compromise. Okta is one layer of security. Given they may have an issue we’re evaluating alternatives for that layer.”

Random person: “Cloudflare for Identity?”

Matthew Prince: “Never wanted to get into that space, but sooooooooooo disappointed with the alternatives.”

Random person: “Please do, it will integrate well with existing Zero Trust offering”

Matthew Prince: “Would rather play well with others. But if no one else can keep their secrets safe… maybe we’ll have to…”


Not sure how serious he is, but it could be big if true?


Okta so far denies a breach.


Identity management provider Okta Inc. said Tuesday that a preliminary investigation found no evidence of any ongoing malicious activity after hackers posted images they said were of the company’s internal systems.

The screenshots most likely related to an earlier security incident in January, which has already been resolved, the San Francisco-based company said in a statement posted overnight on its website.

More than 15,000 customers world-wide, including multinational companies, universities and governments, rely on Okta’s software to securely manage access to their systems and verify users’ identities, according to a recent filing.

Okta’s investigation came after hacking group LAPSUS$ posted screenshots on Telegram, an instant messaging service, purporting to show that it had gained access to Okta.com’s administrator and other systems. The images were also circulated on other forums, including Twitter.

The group said it didn’t access or steal any data from Okta itself and that its focus was on the San Francisco-based company’s customers.

Okta said in its statement that it believed the shared screenshots were tied to an attempt in January to compromise the account of a third-party customer support engineer working for a subprocessor. It said the matter had been investigated and contained by the subprocessor.

“Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January,” Okta said.

One Okta customer whose information was included in a screenshot posted by LAPSUS$ was Cloudflare Inc., an internet infrastructure and security company. In a tweet, Cloudflare CEO Matthew Prince said the company was aware of the breach claim, but said there was no evidence that its systems were compromised. It said it was resetting the credentials of any employees who had changed their passwords in the previous four months.

“Okta is one layer of security. Given they may have an issue, we’re evaluating alternatives for that layer,” Mr. Prince wrote before Okta’s statement was published.

Mr. Prince later wrote that he hadn’t yet gotten a satisfactory answer to concerns over a previous Okta vulnerability incident discovered in December. In January, Okta said it was still investigating that vulnerability, known as “Log4Shell,” which concerned a Java-based logging utility found in a number of software products.

The latest breach claim puts the spotlight once more on LAPSUS$, which claims to have successfully hacked a string of high profile targets recently. In late February, the group said it stole a terabyte of data from chip company Nvidia Corp. It has also claimed credit for a breach at Samsung Electronics Co.

In its post revealing the Nvidia hack, the group said it wasn’t state sponsored and that “we are not in politics AT ALL.”

Representatives for Nvidia and Samsung didn’t immediately respond to requests for comment.


Okta so far denies a breach.

And now we hear it confirmed… and occurred in January.

Remaining shares liquidated. Make your own decision.

I have no place for liars and deceivers in my portfolio.



Okta, the $25 billion market cap company that handles logins for more than 100 million users, today confirmed it suffered a breach in January via a third party customer support provider. But for some customers who spoke to Forbes, the disclosure was too late and too scant with information.

Okta’s admittance came after a hacking crew called LAPSUS$, which extorts its targets after stealing their data and often leaks victims’ information in public forums, claimed it had breached the company. LAPSUS$ had previously claimed to have stolen data from major security companies including NVIDIA and Microsoft, leading both to investigate the alleged breaches. The crew posted screenshots showing access to apparent internal Okta systems in an attempt to prove the breach was real.

In a statement on Tuesday, Okta said: “In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor. We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.” The company had not responded to further questions about the severity of the attack.


Here’s a headline from today’s WSJ:

Identity-verification provider Okta said that a January data breach revealed by hackers this week may have affected hundreds of customers.


From everything I have read, this does not amount to much. According to the company, which has handled this poorly, a subcontractor gave access to “hackers.” I don’t know of any security system that can withstand an entry by an authorized user or double dealing by an insider. The company said that 2.5 percent of its users may have been impacted.



To me the breach is not the primary issue. The lack of transparency from OKTA is. I continued to hold a small position in my taxable account, but sold today. I no longer trust management.
No longer long