I actually think the definitional conflict might be on the term "Okta service" -
> the Okta service has not been breached
If you consider the Okta service as the infrastructure acutally providing auth services to customers - then it wasn't breached. Only Okta support services were breached and that did not (going with Okta's line here) actually allow for somebody to access the actual Okta auth services.
> the Okta service has not been breached
If you consider the Okta service as the infrastructure acutally providing auth services to customers - then it wasn't breached. Only Okta support services were breached and that did not (going with Okta's line here) actually allow for somebody to access the actual Okta auth services.