<redacted>
my life.
Those were the three words I muttered in my bed late last night as I read the Reuters headline "Authentication services firm Okta says it is investigating report of breach." Not only does my company use Okta as our SSO provider, but a significant portion of our customers authenticate into our SaaS product using Okta.
Needless to say, I didn't get a good night's sleep. I was up early and promptly got to work assessing the threat the disclosure created. While I hoped for the best, I had to also prepare for the worst.
What I learned:
To summarize the update that Okta published to describe their findings:
- The intruder compromised the account of a support engineer in January.
- The intruder had access to the support engineer account for 5 days.
- That support engineer was a contractor, and did not have access to production data.
- The support engineer did have access to the admin interface for the Okta product.
- The intruder could have reset passwords on accounts, but the password would not be visible to the intruder.
Why I believe the findings
Much like Okta, we serve B2B enterprise customers. When you engage in large-sum deals, your customers or insurers will often require your company to obtain certifications that provide assurances around security, stability, and quality. For us, that certification is SOC 2, which requires an annual third-party audit to stay certified.
Many of the actions and rules described in the update align with the same controls we have in place. For example, we do not allow our contractors access to production data.
Recommendations
If you're reading this and use Okta for SSO at work, you may want to consider rotating your password as a precaution.