We urge Okta to consider implementing the following best practices, including:
Take any report of compromise seriously and act immediately to limit damage; in this case Okta was first notified on October 2, 2023 by BeyondTrust but the attacker still had access to their support systems at least until October 18, 2023
Holy shit, this is absolutely beyond negligent for an authentication platform.
Ahahahahahahahahahahahahahahahahaha