[parimm]

There is cloudflare PII in one of the screenshots, I wonder if Cloudflare was notified of access to their data in January.

Speculation from here on.

In my personal opinion,Cloudflare's actions indicate that Cloudflare was not notified of the breach until today.

```We are aware that @Okta may have been compromised. There is no evidence that Cloudflare has been compromised. Okta is merely an identity provider for Cloudflare. Thankfully, we have multiple layers of security beyond Okta, and would never consider them to be a standalone option.``` - @eastdakota - https://twitter.com/eastdakota/status/1506143353544478724

[throwoutway]

‘“Merely” an identity provider for [us]’ is selling the understatement of the year

[babelfish]

Identity + AuthN != AuthZ

[twistedpair]

That was a pretty rapid response from CF though, are we sure they didn't know ahead of today? How long did they have to determine "no evidence" before making a public statement about it?

[ztjio]

Any competent operation is continuously monitoring all available signals for signs of breach. All I read into this is that their systems have not identified any IoCs. Doesn't mean it hasn't happened, but, if you're relying on something non-automated to make these kinds of determinations, you're already pretty screwed. Forensics is definitely a thing in cases where there's reason to believe a breach happened, but, it's not the thing that will be used to decide something has happened worth investigating.

Thus, it should take approximately zero actual time to conclude what was stated here.

[twistedpair]

Touche... CF SIRT is an a well oiled machine [1]

[1] https://blog.cloudflare.com/cloudflare-investigation-of-the-...