Okta has, however, confirmed that attackers couldn’t access its customer data or services.
Authentication giant Okta has suffered yet another security breach. Reportedly, someone stole Okta’s source code after attacking its repositories on GitHub.
Okta’s chief security officer, David Bradbury, issued a “confidential” email notification to the company’s “security contacts,” revealing that the suspicious activity the company detected earlier in December 2022 resulted in the leak of its code repositories.
“Upon investigation, we have concluded that such access was used to copy Okta code repositories,” Okta’s notification read.
“We have decided to share this information consistent with our commitment to transparency and partnership with our customers,” Okta explained.
According to Bradbury, GitHub notified Okta about possible suspicious activity and that someone had accessed its code repositories. Okta launched an investigation and concluded that the access had indeed occurred. In response, the company temporarily restricted access to Okta GitHub repositories and suspended all GitHub integrations with third-party apps.
Okta has confirmed that the attackers couldn’t access its customer data or services, reports Bleeping Computer. Hence, users of its different services, including HIPAA, DoD, and FedRAMP, were unaffected by this incident and didn’t need to adopt threat-prevention practices.
It is worth noting that the users of these services are mainly US-based government, healthcare, and defence organizations.
Okta and Cyber Attacks
Okta is a cloud-based identity and access management platform that provides secure single sign-on, user provisioning, data security and mobile device management.
The company has already had a troublesome year regarding security. In March 2022, Okta confirmed a data breach by the ransomware group LAPSUS$, and in September, Auth0, which is owned by Okta, reported the theft of its old source code.
There’s no doubt that source code is a valuable asset, and its theft or leak can have far-reaching consequences. Okta, a mainstream authentication platform, should be really concerned because attackers can use its source code to discover hidden flaws and launch new attacks against its customers.
So far, this breach seems limited to Okta’s Workforce Identity Cloud product and not Auth0 Customer Identity Cloud. Okta plans to share more findings about the incident soon.