Okta – Percona’s statement – Percona Database Performance Blog

On 22nd March 2022 08:43 UTC, we became aware of the issue affecting Okta, a third-party identity provider that Percona uses for https://id.percona.com. Initially, there was no statement from Okta, so our Security Operations team reviewed the information available from LAPSUS$ and other public sources.

Based on the public information available about the issue, we evaluated the potential exposure to Percona and determined that the impact was minimal. Percona uses Okta integrations so https://id.percona.com can be used to authenticate against Percona’s deployments of:

  • forums.percona.com (Discourse)
  • percona.service-now.com (ServiceNow)
  • portal.percona.com (Dashboard portal interface where users & clients can add their PMM integration).

Integration of PMM with Percona’s portal does not currently allow for administration from the portal.percona.com interface (read: no commands may be issued to the PMM server).

At the time of writing, Percona is aware that the extent of compromise allowed LAPSUS$ access to force a reset of both password and MFA secrets for individual users. Information released by Okta noted that passwords were not discoverable and stated that only 2.5% of Okta’s customers were affected.

On 2022-03-24 20:04 GMT/UTC Percona received notice of no impact from Okta.

While the notice states that Percona was not impacted, we strongly urge users of https://id.percona.com to follow best practices by ensuring they update their password with a completely unique password that is not shared with other platforms and is of sufficient complexity and length, and to deploy 2FA/MFA wherever possible.

Even though the impact on Percona is minimal, we have taken actions to further strengthen the Percona services and projects that use Okta for identity management services. The Security Operations team will continue to monitor public information and Okta’s response as it becomes available. We will further assess additional security actions that need to be taken and alternative identity management providers, if necessary.

The security of Percona’s clients and users is at the core of our Security Operations team’s values and will continue to remain our core focus. This means we will always strive to ensure that our chosen third-party vendors introduce minimal viable risk. However, when service providers create a risk to our customers, and the response from the service provider is not provided in a timely manner, we strive to ensure we are exploring all aspects of information being made available to arrive at our own conclusions and strengthen our security posture.

Should you have any concerns or questions related to this or other security-related queries at Percona, please review https://www.percona.com/security for your channels for enquiry.

 

Kind Regards

David Busby

Information Security Architect, Percona

Links to Okta’s updates:

 

https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/

https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/
