“Authentication services company Okta Inc said on Tuesday it is investigating a report of a digital breach after hackers posted screenshots of what they claimed were its internal company environment.”
They are simply looking into it. Not offering unwarranted speculation or conjecture. Not providing any information that could assist attackers. And not being unreasonably dismissive, nor downplaying it.
I really don't see the problem with their response. What would you propose in the circumstances?
It's just one of those responses that's not actually a response. It's the only response you can give, and you only give it because you're forced to give a response. It's a noop.
Then I wonder why it is remarkable? The absence of a response may be worth commenting on, but this seems fairly unimpeachable.
It's distinguishable from a noop because some information is imparted, namely that a) they are aware of the issue and b) that they have formed a preliminary view it warrants a response.
If, for example, the screenshots didn't actually look like their internal admin interface (and so were obviously doctored), they would probably say something to that effect in the initial post. The fact that they're merely "looking into it" implies the information they have so far makes them think this at least could be a real hack.
“Authentication services company Okta Inc said on Tuesday it is investigating a report of a digital breach after hackers posted screenshots of what they claimed were its internal company environment.”
https://www.reuters.com/article/okta-breach-idUSL2N2VP07B