Identity provider Okta examines reports of security breach

On 22 March 2022, press reports revealed that the identity provider Okta had been compromised in a hack earlier this year. As G&L uses Okta, we have extensively audited our services and determined that G&L is not affected by this security breach (see below for audit processes).

Update 25 March 2022

On the basis of an analysis, Okta has also concluded that G&L was not affected. Here is the original message:

Dear G&L,

We appreciate your patience as we complete our urgent and thorough investigation and assess any impact to our valued customers. The Okta service is fully operational, and there are no corrective actions you need to take.

As discussed in more detail in our technical security blog, we examined all of the access performed by all Sitel employees to the SuperUser application for the five-day period in question. We analyzed more than 125,000 log entries to ascertain what actions were performed by Sitel during the relevant period.

Based on this analysis, we have concluded that G&L Geißendörfer & Leschinsky GmbH was not impacted.We have identified and taken steps to contact the approximately 2.5% of Okta customers whose data may have potentially been viewed or acted upon.

Our customers are our pride, our purpose, and our #1 priority. We take our responsibility to protect and secure our customers' information very seriously. We deeply apologize for the inconvenience and uncertainty this has caused.

Please refer to our detailed blog post for additional information. For any further questions, please contact your account team.We immensely value your business and the trust you put in Okta.

Okta Customer Support

G&L has gone through the following processes on 23 March 2022 for both G&L employees and external users (customers) for testing:

  • Check all password and Multi Factor Authentification (MFA) changes on all Okta instances
  • Suspicious MFA-related events: None
  • [user.account.reset_password
  • user.mfa.factor.update,
  • system.mfa.factor.deactivate,
  • user.mfa.attempt_bypass,
  • user.session.impersonation.initiate. I]
  • Conduct those actions from January 1st 2022 till today

For a recommendation of these steps, see Cloudflare:


Further information from Okta can be found here:

March 23, 2022