different_sort | 4 years ago

The screenshots on the linked tweet make it look like Okta dogfoods their own product for access to various services and someone has access to one of their admin accounts. Which is bad, but that could mean “we phished this one person who works at Okta” and not “we compromised Okta and have unfettered access to their customers/valuable assets”.

The news of the coming days may well prove me wrong, but I am not assuming the worst from this yet. Many companies, whether or not they use an IDaaS, do things like login anomaly detection, and users coming in from weird locations and weird times of day would be sure to set off alarm bells at some of the big targets. Heck, AWS does it for customers with GuardDuty.

tuwtuwtuwtuw | 4 years ago

The breached account shown in the screenshot belongs to a user at a third-party outsourcing firm providing support services for Okta. So he is technically not an Okta employee.

It seems strange that such a user would have wide access. It could be that his account was just used to gain further access, or it could be that his account had wide access by mistake. Or the user doesn't actually have that wide access.

There are talks about superuser access. But is that referring to the user's actual privileges or the fact that he has access to the tool called "superuser" shown in the screenshots?

I need more patience.