"The threat actor actively controlled a single workstation, used by a Sitel support engineer, with access to Okta resources," wrote Okta chief security officer David Bradbury. "During that limited window of time, the threat actor accessed two active customer tenants within the SuperUser application and viewed limited additional information in certain other applications like Slack and Jira that cannot be used to perform actions in Okta customer tenants."
It now looks like the breach was far more limited in scope, but Okta said it took lessons from the situation. It terminated its relationship with the contractor in question and promised to strengthen audit procedures for others. It's also going to directly manage the devices of third parties with access to customer support tools so it can respond more "effectively" to incidents. Finally, it's adopting new systems to "help us communicate more rapidly with customers" on security issues.