naïve question: Is there anything regular consumers can/should do in light of this information? Changing passwords etc seems futile if hackers have internal developer access anyway
I doubt too many people are using Okta as a regular consumer. If your work stuff uses it, the general advice has always been to keep it aggressively partitioned from your personal life. Hacked or not, your IT admin has always had access to everything, and I don't know if I'd trust them with my data any more than Lapsus$.
is there an app that can send bulk gdpr data deletion requests for no-longer-used services?
seems like it'd be possible write an app that scans email history to detect services that have your data, scrape their websites to determine support email address(es), and send a GDPR data deletion request template to each of the selected ones.