Yeah, it’s like all the time with these guys. Their salespeople call me and they’re like “we’ve never been hacked” and I forward these kind of links to them

Large companies are targeted constantly. I’m sure the qualifier ‘latest’ was quite out of date by the time the article was published.

Thankfully the two I work for use Auth0 and Microsoft AD.

I mean…I guess? Auth0 is owned by Okta and Microsoft is Microsoft…

The company I order my diabetes supplies from uses okta. Judging by how crappy their website is (once my order didn’t go through but I didn’t know because it sent me the order confirmation email) I expect if anyone got in their accounts they wouldn’t notice.

Mine did as well. I’m guessing there’s a good chance you use Cerner as well? My former mental health employer switched from Cerner to a program called MyAvatar (we called it Avaturd). I didn’t think I’d ever miss Cerner and all it’s quirky problems…

It is very common in enterprise environments. If you configure sign in via SAML, OIDC, OAUTH2 youd at least come across documentation for it.

If you work in an office, chances are you use Active Directory or Azure AD. Just another way to sign on to stuff, sorta like how you can “sign in with Google” or “sign in with Facebook” on some sites.

Okta is pretty popular tbh, and a breach this large is crazy.

It’s because they suck. I’m glad you haven’t heard of them.

I have preferred Auth0, but unfortunately, Okta acquired them.

Source: Have spearheaded numerous Okta and Auth0 implementations at publicly traded and private companies. I hate Okta. I still prefer Auth0, but it sucks they’re owned by Okta.

I had to use okta for a mental health company I worked at. I had so many stages of logging in with different passwords before I could access any PHI, including a ubi key for my laptop on startup.

We still had periodic data breaches… The sad truth is that our information just isn’t safe, and breaches happen constantly.