Auth companies are high value targets for hackers. You'd think outsourcing auth is a smart idea because it's difficult to get auth right but otoh you might never have been a target if you hadn't used Okta.
Remember RSA and OPM? The RSA hack had huge implications for the Department of Defense, and was probably a state-sponsored hack (likely China). Around the same time the Office of Personnel Management (OPM) was hacked. So the state-sponsored hackers got to all the private details of anyone with classified access and clearances (which can be used for blackmail or for answering those strange "Who was your 3rd grade teacher?" auth questions to get past an identity test), and simultaneously could hack the rotating MFA codes from RSA.

Auth companies will always be a high value target for state-sponsored espionage.
As a rule of thumb, if you value the privacy or security of your users, never ever use services such as Okta. Products that rely on them are guaranteed to suffer from breaches. Told my clients that and I was right. It is a matter of time until the next breach.