Episode 02: The Okta Breaches — Technical Breakdown
Breached twice. Twenty months apart. Same underlying problem.
This is the companion technical breakdown for Zero Day Logs Episode 02.
Okta processes billions of authentication requests per month for over eighteen thousand organisations. It is the invisible gatekeeper sitting between employees and every system they log into — at governments, banks, and technology companies across the globe. It was breached in 2022. Twenty months later, it was breached again.
The full technical breakdown covers both breaches: the 2022 Lapsus$ contractor compromise and the 2023 HAR file session cookie theft, including the November 29th expanded disclosure revealing the full customer contact list harvest. It documents the three missing controls, the downstream impact on Cloudflare, 1Password, and BeyondTrust, and how a service account credential moved outside every corporate security control through Chrome’s password sync.
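The 2023 incident hinged on HAR files uploaded to support that still contained live session cookies. As an added example (not code from the episode or from Okta), the following pre-upload check and redaction pass run over a constructed HAR capture; it assumes the standard HAR 1.2 layout of `log.entries[].request/response` with `headers` and `cookies` arrays, and the header list it treats as sensitive is an assumption to extend for the apps you support.

```python
import copy
import json

# Header names that carry a live session or bearer credential in a HAR capture.
# Assumption for this example: extend the set for the applications you support.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
REDACTED = "[REDACTED]"


def _credential_slots(har):
    """Yield every dict in the HAR whose 'value' holds a cookie or a sensitive header."""
    for entry in har.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            message = entry.get(side, {})
            for header in message.get("headers", []):
                if header.get("name", "").lower() in SENSITIVE_HEADERS:
                    yield header
            # HAR also lists parsed cookies separately from the raw headers.
            for cookie in message.get("cookies", []):
                yield cookie


def has_live_credentials(har):
    """Pre-upload check: True if any cookie or sensitive header still has an unredacted value."""
    return any(slot.get("value", REDACTED) != REDACTED for slot in _credential_slots(har))


def sanitize_har(har):
    """Return (redacted copy, number of values replaced); the input HAR is left untouched."""
    clean = copy.deepcopy(har)
    count = 0
    for slot in _credential_slots(clean):
        if slot.get("value", REDACTED) != REDACTED:
            slot["value"] = REDACTED
            count += 1
    return clean, count


# Constructed sample capture, not a real HAR: one authenticated API call and its reply.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {"method": "GET", "url": "https://tenant.example/api/v1/users/me",
                "headers": [{"name": "Cookie", "value": "sid=constructed-session-id"},
                            {"name": "Accept", "value": "application/json"}],
                "cookies": [{"name": "sid", "value": "constructed-session-id"}]},
    "response": {"status": 200,
                 "headers": [{"name": "Set-Cookie", "value": "sid=constructed-rotated-id; Secure; HttpOnly"}],
                 "cookies": [{"name": "sid", "value": "constructed-rotated-id"}]}}]}}

if __name__ == "__main__":
    clean, n = sanitize_har(SAMPLE_HAR)
    print(f"redacted {n} values; safe to share: {not has_live_credentials(clean)}")
    print(json.dumps(clean, indent=2))
```

Redaction removes the token but not the evidence of its presence: `has_live_credentials` is the gate a support portal or upload script should enforce before a capture leaves the customer's environment.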
It also covers what good vendor accountability looks like — contractual disclosure timelines, independent verification over self-reported questionnaires, and why the vendors trusted most deeply are structurally the highest-risk link in the chain.
