Powered by MOMENTUM MEDIA

Outcry after alleged ‘protected’ list of far-right X users leaked online

UPDATE: Okta confirms that the screenshot currently circulating on social media is a fake

David Hollingworth
Thu, 25 Jul 2024

An X user has shared a screenshot of an alleged set of Okta configurations that appears to depict a list of “protected users” exempted from the social media platform’s Terms of Service and able to use disturbing terms in a “list of white-listed slurs”.

The accounts are all far-right accounts and include TrumpWarRoom, Eric Trump, LibsOfTiktok, and outspoken men’s rights activist Andrew Tate.

“New Twitter API leak reveals that there’s a group of ‘protected users’ that are allowed to break the Terms of Service without consequence,” said X user Anti-Fascist Turtle. Included in the post is a screenshot of the list.

“Even including a list of white-listed slurs.”

Soon after, X banned that account for violating the company’s “rules” – in other words, its Terms of Service.

Then VX Underground, the self-described “largest collection of malware source code, samples, and papers on the internet”, entered the chat, confirming it was the unwitting source of the leak.

“This was shared privately and internally in vx-underground with members,” the group said on its X account.

“We briefly discussed it, but removed the tweet as we intended to do more research because we could not independently verify the validity of this information.

“We’ve got a leaker in VXUG.”

According to another post on X, VX Underground was sent a direct message from a “throwaway” account that shared the Okta link and its screenshot with the group. The group then decided to pass the information on to “other people who are better fitted to do investigative research and journalism”.

However, someone leaked the images before the investigation could conclude, with people now sharing the news of the leak and its list of alleged “protected users” on X and beyond.

What VX Underground did say was that the URL included in the leak could not be reached and instead returned 403 or 404 errors. Cyber Daily has tested the URL – http://protected-users.twitter.okay.com/1721835914 – and confirmed that it does indeed return a 404.

“We have no way to accurately assess if the information is accurate,” VX Underground said in a post dated 7:35am on 25 July.

While some believe the leak to be true, other commentators are not so sure. For one thing, there are several typos in the screenshot of the user list, and some have pointed out that the configuration of the alleged list makes no sense.

“Okta doesn’t do multilevel subdomains. Okta API’s don’t operate like this at all. The URL is all wrong,” said X user @scriptjunkie1.

“Data access always requires auth. They use other data formats. Anyone who’s worked with Okta config knows this is a very lazy fake, and it’s irresponsible to share.”

Several users of the Hacker News site were also leery of the list’s authenticity.

“Why would they use Okta to pass such a list of ‘protected users’ to the clients?” one user asked.

“This is obviously fake. As tech-savvy users, you should easily be able to verify this,” said another.

“The subdomain cannot resolve as it does not have a valid cert, and okta does not have an API to do this.”

Cyber Daily has not reached out to X for comment, as Elon Musk admitted in March of last year that all comments directed at the company by the media are ignored.

A journalist with better contacts, Leonard Bernardone, is saying that X has said "the images being circulated are fake".

For now, however, X’s heavy-handed banning of the account sharing the original leak is leading some to believe it must be, in some way, true. That said, there’s currently no way to confirm the leak is real, and it should probably be taken with a grain or two of salt, no matter how believable it may be.

UPDATE 26/07/24 - An Okta spokesperson has confirmed with Cyber Daily that the screenshot is not legitimate.

"We've confirmed the screenshot is fake," the spokesperson told Cyber Daily on July 26.


UPDATE 25/07/24 to add X commentary.


David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
