
[flagged]


See also, https://www.beyondtrust.com/blog/entry/okta-support-unit-bre...

> We raised our concerns of a breach to Okta on October 2nd. Having received no acknowledgement from Okta of a possible breach, we persisted with escalations within Okta until October 19th when Okta security leadership notified us that they had indeed experienced a breach and we were one of their affected customers.


Okay — and?

Do we have anything to suggest CloudFlare is factually wrong? — or was that just random conversational chaff from a brand new account distracting from the stunning incompetence of Okta in ignoring a breach for two weeks?

CloudFlare has more than enough reputation to make such an allegation — and Okta should be cut from any production usage.

Two weeks of failing to address auth compromise is unprofessional conduct by both Okta leadership and engineers.


To be fair, it's also the second time this has happened in 2 years - I don't mean Okta breaches in general, I mean it's the second time the support system has been compromised to get access to customer accounts.



