this post was submitted on 24 Oct 2023
182 points (98.4% liked)

Technology

59454 readers
4857 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Okta cybersecurity breach wipes out more than $2 billion in market cap::Okta shares continued their fall Monday after the company said client files had been accessed by an unknown hacker, the latest attempt involving the company.

top 14 comments
sorted by: hot top controversial new old
[–] otter@lemmy.ca 53 points 1 year ago* (last edited 1 year ago) (2 children)

headline gives the picture that they broke in and stole money or something. It's not the breach that wiped out the market cap, it's their poor cybersecurity practices that did it. The breach just showed people that there are existing problems with the company

after the company said client files had been accessed by an unknown hacker, the latest attempt involving the company

... latest attempt?

[–] tsonfeir@lemm.ee 21 points 1 year ago

Yeah, it’s like all the time with these guys. Their salespeople call me and they’re like “we’ve never been hacked” and I forward these kind of links to them

[–] Jerkface@lemmy.world 9 points 1 year ago* (last edited 1 year ago)

Large companies are targeted constantly. I'm sure the qualifier 'latest' was quite out of date by the time the article was published.

[–] Chetzemoka@startrek.website 23 points 1 year ago (3 children)

That's awesome. Both of the healthcare companies I work for use Okta

[–] AlecSadler@sh.itjust.works 8 points 1 year ago

Thankfully the two I work for use Auth0 and Microsoft AD.

I mean...I guess? Auth0 is owned by Okta and Microsoft is Microsoft...

[–] SmashingSquid@notyour.rodeo 6 points 1 year ago

The company I order my diabetes supplies from uses okta. Judging by how crappy their website is (once my order didn’t go through but I didn’t know because it sent me the order confirmation email) I expect if anyone got in their accounts they wouldn’t notice.

[–] GONADS125@lemmy.world 1 points 1 year ago

Mine did as well. I'm guessing there's a good chance you use Cerner as well? My former mental health employer switched from Cerner to a program called MyAvatar (we called it Avaturd). I didn't think I'd ever miss Cerner and all it's quirky problems...

[–] stefenauris@pawb.social 11 points 1 year ago (4 children)

I have to admit prior to this breach I had never heard of Okta before, am I alone on this?

[–] Seasm0ke@lemmy.world 23 points 1 year ago (1 children)

It is very common in enterprise environments. If you configure sign in via SAML, OIDC, OAUTH2 youd at least come across documentation for it.

[–] rambaroo@lemmy.world 1 points 1 year ago (1 children)

Why? I've configured these for our enterprise software and I only heard about this garbage company from their job listings on LinkedIn

[–] Seasm0ke@lemmy.world 1 points 1 year ago

Honestly no idea what the selling point is. I imagine its somewhere akin to duo where there are added management features like bypass codes and manual MFA pushes that you don't get with azure. Maybe people went there early after adfs, just speculating

[–] kyle@lemm.ee 13 points 1 year ago

If you work in an office, chances are you use Active Directory or Azure AD. Just another way to sign on to stuff, sorta like how you can "sign in with Google" or "sign in with Facebook" on some sites.

Okta is pretty popular tbh, and a breach this large is crazy.

[–] AlecSadler@sh.itjust.works 6 points 1 year ago

It's because they suck. I'm glad you haven't heard of them.

I have preferred Auth0, but unfortunately, Okta acquired them.

Source: Have spearheaded numerous Okta and Auth0 implementations at publicly traded and private companies. I hate Okta. I still prefer Auth0, but it sucks they're owned by Okta.

[–] GONADS125@lemmy.world 5 points 1 year ago

I had to use okta for a mental health company I worked at. I had so many stages of logging in with different passwords before I could access any PHI, including a ubi key for my laptop on startup.

We still had periodic data breaches.. The sad truth is that our information just isn't safe, and breaches happen constantly.