[delive]

I thought so too, but then was surprised to see:

   Based on the activity logs provided by Okta for their Support Portal, the HAR file had not been accessed by their support engineer until after the events of the incident

[StressedDev]

That tells me either the attacker either removed the access from the logs OR the attacker figured out how to access the HAR file without having the access recorded in the logs.

[dannyw]

All this says is that the support engineer didn't access the file. It doesn't say the attacker wasn't logged accessing it.

[fernandotakai]

>Oct 21, 2023: Okta confirmed publicly that their internal support systems were compromised. This answers how the HAR file was accessed by the attacker and that the initial compromise was not through the employee’s laptop.

how can "the industry" trust okta?!