
Okta
US identity and access management platform whose 2022 Lapsus$ breach reinforced the identity-as-attack-surface doctrine, cited in post-Stryker analysis.
Last refreshed: 17 April 2026
How does Okta's 2022 breach connect to the 2026 Stryker device wipe?
Timeline for Okta
Mentioned in: Trellix discloses 21-day-old breach of source-code repository
Cybersecurity: Threats and DefencesMentioned in: Handala wipes 200,000 devices at Stryker
Cybersecurity: Threats and DefencesWas Okta hacked in 2022?
Why is Okta mentioned in the Stryker cyber attack analysis?
Background
Okta is referenced in the Stryker incident analysis as the 2022 Lapsus$ access case that, alongside SolarWinds SUNBURST in 2020, established "identity is the new perimeter" as industry doctrine. The Stryker MDM wipe is assessed as the first post-doctrine mass-scale demonstration that enterprise identity-plane access, not endpoint malware, is sufficient for catastrophic impact.
Okta is a major US cloud identity and access management vendor providing single sign-on, multi-factor authentication and lifecycle management for enterprise users. In 2022, the Lapsus$ group obtained access to Okta's internal systems via a third-party support provider, affecting a limited number of Okta customers. The breach demonstrated that the identity provider itself was an attack surface, not just the applications it protected.
For the cybersecurity market, the SolarWinds-Okta sequence established a clear thesis that the Stryker incident tested operationally: if identity is the attack surface, then controls on the identity plane, specifically Conditional Access, session binding and just-in-time privilege, must match the risk level of the assets the identity platform protects. The CrowdStrike-SGNL acquisition is the market's architectural answer to that thesis.