okta
Safeguard articles tagged "okta" — guides, analysis, and best practices for software supply chain and application security.
7 articles
Okta 2023 Customer Support Breach: Implications for Identity Supply Chain
The Okta customer support breach of October 2023 exposed HAR files containing session tokens for major customers. The structural lessons run deeper than the incident.
Okta Cross-Tenant Impersonation 2024
Okta's cross-tenant impersonation advisory and related social-engineering campaigns exposed how identity providers get targeted. Lessons for defenders.
Okta 2022-2023 Incidents: Supply Chain Lessons
A retrospective on Okta's string of security incidents from 2022 through 2023 and what they teach us about identity providers as critical supply chain dependencies.
Cloudflare's Thanksgiving 2023 Breach: How Okta Credentials Led to a Nation-State Intrusion
Cloudflare disclosed that a nation-state actor used credentials stolen from the October 2023 Okta breach to access their Atlassian systems. Their transparent post-mortem set a new standard.
Okta's Support System Breach: Identity Provider Under Fire Again
Okta disclosed that attackers used stolen credentials to access its customer support system, downloading HAR files containing session tokens for multiple customers.
Scattered Spider: The Social Engineering Group That Outmaneuvered Enterprise Security
Scattered Spider combined aggressive social engineering with deep knowledge of enterprise IT to breach MGM Resorts, Caesars Entertainment, and dozens of other organizations.
Okta LAPSUS$ Breach: When Your Identity Provider Gets Compromised
LAPSUS$ breached an Okta support contractor, gaining access to customer tenants. The incident raised critical questions about identity provider supply chain risk.