dr_faustus | 2 years ago

I don’t know why people are all pretending like this is irrelevant to Okta's security.

An employee list like that is a goldmine for all sorts of social engineering and phishing attacks.

nakon|2 years ago

It’s not that it isn’t relevant, it’s the clickbait-y headline and insinuation that Okta itself was compromised again. Any major company using third-party vendors would be in the same position (and for all we know, this healthcare company provided services to multiple other companies). Fault Okta for not doing enough vendor due diligence, sure, but don’t use clickbait to imply Okta itself was breached.

dr_faustus|2 years ago

Be that as it may, it does not really matter whether it came from an Okta database or that of any other company. It further compromises Okta's security, which is pretty bad because being secure is basically their primary service proposition.

BeefWellington|2 years ago

Firstly, the title literally does what you're asking:

> Okta hit by another breach, this one stealing employee data from 3rd-party vendor

You have to read the whole thing.

Secondly, let's assume you were right and the title was simply "Okta hit by another breach" and there were no other words.

Do you not view it as problematic that the company has in two months had a major compromise of its own services via phishing, as well as that of a company supplying health-related services to its own employees? Do you not view that as potentially hazardous and concerning?

They chose this company. Effectively, they vetted this company and believed them to be doing things in a way that was secure for their employees. If that vetting process is terrible, then it speaks to how organization-wide the issues there are.

ryanisnan|2 years ago

The real takeaway for Okta in 2023, if they didn't know it already, is they are dealing with nation state threat actors, and if they think they are over-investing in security, they probably aren't.