“As a result of the investigation, along with our ongoing assessment of external threats, we are confident there is no longer a security risk.”
Matthew Prince, CEO of Cloudflare, went as far as to say that his web security business was considering other options for its single sign-on tech, which is designed to allow employees one password for numerous services, needing only a one-time code to access apps. Jon Oberheide, former cofounder of Okta rival Duo Security, tweeted that Okta’s explanation and apparent playing down of the breach should be taken “with a grain of salt.” He went on to describe a case in which Okta had similarly played down its vulnerability to a hack of multiple single sign-on vendors, including Duo.
For now, the lack of communication from Okta on the nature and severity of the breach is leading to customer anger, not to mention panic. “A breach at Okta could lead to potentially disastrous consequences,” said Ekram Ahmed, a spokesperson at cybersecurity company Check Point. “If you are an Okta customer, we strongly urge you to exercise extreme vigilance and cyber safety practices. The full extent of the cyber gang’s resources should reveal itself in the coming days.”