@chort @briankrebs they could have branded it as okta better (e.g. csid.com took a while to track down). Linked to an official page on okta.com and so on.
@kurtseifried It reads like the notifications that Okta said it had already made to all affected customers when I broke the story about their most recent incident.
Update, 2:57 p.m. ET: Okta has published a blog post about this incident that includes some “indicators of compromise” that customers can use to see if they were affected. But the company stressed that “all customers who were impacted by this have been notified. If you’re an Okta customer and you have not been contacted with another message or method, there is no impact to your Okta environment or your support tickets.”
To me, the more concerning part is that Experian appears to be the messenger.
@briankrebs right? We were an Okta customer ages ago, but left them well before this happened. I’d like to think they got Experian involved because that’s what the lawyers they’ve hired to handle this breach recommended maybe? But the whole thing seems really weird right now.
Original Message
Message ID <1531460072.29729015.1703124342154@marketing.csid.com>
Created at: Wed, Dec 20, 2023 at 7:05 PM (Delivered after 0 seconds)
From: Okta <okta@mail.csid.com>
To: "kseifried@cloudsecurityalliance.org" <kseifried@cloudsecurityalliance.org>
Subject: Okta October Security Incident – Contact Information Exposure
SPF: PASS with IP 96.46.132.207
DKIM: 'PASS' with domain mail.csid.com
DMARC: 'PASS'
Oh wow. This is apparently legitimate, "CSIdentity Corporation" which got glommed by Experian in 2016 https://www.experian.com/blogs/news/2016/04/18/csid/ (finally found a link to csid.com from an Experian site)