It is normal for a provider to not have shared and update over four hours after a suspected security breach is exposed on Twitter?<p>The lack of any communication from Okta seems odd.<p>Okta's status page - https://status.okta.com/
Okta's trust page - https://trust.okta.com/
Twitter account - https://twitter.com/okta<p>Disclosure: I work for a company that uses Okta for SSO but I'm not involved with the administration of the Okta instance.
Okta's CEO has put out a statement - <a href="https://twitter.com/toddmckinnon/status/1506184721922859010" rel="nofollow">https://twitter.com/toddmckinnon/status/1506184721922859010</a>
What vendor have you seen a public response within 4 hours from for such a thing? And unless they've been investigating this for a while already (which one would hope) they wouldn't really be able to say much of substance.