Richard Lawler / The Verge:
Okta fixes a flaw present since July 23, 2024 that, under specific conditions, let users log in with any password if the account's username had 52+ characters — The vulnerability is fixed now, but Okta said that for three months it could've been used to access accounts with usernames stretching at least 52 characters long.