Okta

Posted March 23, 2022 ‐ 2 min read

Will Okta disclose a breach into one or more customer environments before June 1 2022?

A tweet set off a fast-moving conversation about a potential incident at Okta.

A blue team concern is whether to trust Okta’s initial statements. Trusting Okta’s guidance would avoid potentially unnecessary work, but any mistakes in their analysis of the incident might have allowed an adversary to walk through your SSO defenses.

More advanced blue teams might proactively roll internal credentials that could have been exposed by way of compromised Okta access. This is a luxury for more advanced teams who have invested in credential infrastructure or rotation playbooks.

But this is not the case for blue teams who have not yet gone down these roads. An assessment of the risk might justify the distraction. Or, it might suggest that staying on the current mitigation roadmap is the right way to go. That seems to be the decision point, and it’s one we face often.

So, what would a panel think?

This brings us to the forecast. We can better understand if Okta will make further concessions about a breach. This informs leadership decisions about how much effort to apply towards mitigation. The scenario was designed to predict whether those future concessions may happen and whether the scope might be larger than Okta’s initial communications.

We created a forecast that closed at 5pm PST on 2022-03-22.

14 panelists were elicited, with an average of 43.57% Yes. This varied widely, with Yes forecasts ranging from 5% to 95%.

Okta provided updates soon afterward. These were initially thought to conclude the scenario as Yes, but more recent communications from Okta cloud judgement even further.

Judgement on this forecast is expected to be difficult. The wording Okta has used in the discussion so far has muddied whether customers were impacted by this access or not. Currently, we are finding ourselves re-interpreting Okta’s statements and whether they mean customer data or networks were actually accessed by the adversary or not.

In a few days this post will be updated with the Brier score.


To receive updates on future forecasts, follow @magoo or subscribe here 👇