Single sign-on platform Okta starts investigation after hack claims – Computer – News

That depends a bit on how the hack went. If a seconded person has their PC out of order or in a bad mood, it’s often not that hard to get in and can look quite legit. (in fact, you can of course make these screenshots in a few minutes and you can even take them if you’re just watching on a hacked PC)

If I had to take a guess, they got access to remote machines from Sykes (a contractor). This is evident from your thread on twitter. Both the account they use belongs to someone at Sykes and the url that contains the remote machine they used.

Doesn’t make it any less bad, of course. But indicates that the problem is probably outside of Okta and that they are now only affected because the rights of that support person have been abused.
If the Okta system is properly put together, everything that employee has done will be audited and they can retrieve it from the systems. And if the hacker group only had access to this employee’s support account (which I suspect from the screenshots), at least they couldn’t clear the audit.

From Okta I would advise all customers to perform a full password reset on all accounts in okta and to have the lists of users checked.

Sykes/Sitel now seems to have a bigger problem than Okta, if this has gone through their systems. It is a pity that Tweakers does not also inquire at Sykes Netherlands whether that remote machine is indeed part of their infrastructure.

–