# A few more notes on Okta

By [Doug Lane](https://paragraph.com/@axalane) · 2022-03-30

---

Before I move on, here are a few more tidbits about the Okta breach that I found interesting:

**1.** The ringleader of Lapsus$ is reportedly [a teenager from the UK](https://www.linkedin.com/posts/bkrebs_a-closer-look-at-the-lapsus-data-extortion-activity-6912527406549331968-mK7G). 😲

**2.** Their techniques are very low-tech and focused on social engineering and bribery of insiders and supply chain partners, [according to Microsoft](https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/) (who, as you have heard, was also breached by Lapsus$).

**3.** In [an open letter to Okta](https://www.linkedin.com/pulse/open-letter-okta-amit-yoran/), Tenable CEO Amit Yoran provides an even better example of the power of competence + transparency than the one [I offered yesterday](https://mirror.xyz/axalane.eth/1djT1KZ7VwtN9PAp4Rvs_1Uk9AG-swX16ew8uctrHgg):

> Trust is built on transparency and corporate responsibility, and demands both. I’ve been in the space long enough to know that security is imperfect. Even Mandiant was breached. But they had the fortitude and competence to provide as much detail as they could. And they remain one of the most trusted brands in security as a result.

\-Doug

---

*Originally published on [Doug Lane](https://paragraph.com/@axalane/a-few-more-notes-on-okta)*
