In a Friday news dump blog post, Okta chief security officer David Bradbury revealed that a threat actor had access to files for 134 customers. Stolen session tokens from support logs were used to hijack sessions for 5 Okta customers, of which three have been publicly identified: 1Password (which first alerted Okta of the problem), BeyondTrust, and Cloudflare. Not a great look for an identity management company that is supposed to prevent this exact problem.