Hackers Breach Okta’s GitHub Repositories, Steal Source Code

News

Dec 22, 2022Ravie LakshmananSoftware Security / Data Breach

Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed in an unauthorized manner earlier this month.

“There is no impact to any customers, including any HIPAA, FedRAMP or DoD customers,” the company said in a public statement. “No action is required by customers.”

The security event, which was first reported by Bleeping Computer, involved unidentified threat actors gaining access to the Okta Workforce Identity Cloud (WIC) code repositories hosted on GitHub. The access was subsequently abused to copy the source code.

The cloud-based identity management platform noted that it was alerted to the incident by Microsoft-owned GitHub in early December 2022. It also emphasized that the breach did not result in unauthorized access to customer data or the Okta service.

CyberSecurity

Upon discovering the lapse, Okta said it placed temporary restrictions on repository access and that it suspended all GitHub integrations with other third-party applications.

The San Francisco-headquartered firm further said it reviewed the repositories that were accessed by the intruders and examined the recent code commits to ensure that no improper changes were made. It has also rotated GitHub credentials and informed law enforcement of the development.

“Okta does not rely on the confidentiality of its source code for the security of its services,” the company noted.

The alert comes nearly three months after Auth0, which Okta acquired in 2021, revealed a “security event” pertaining to some of its code repository archives from 2020 and earlier.

Okta has emerged as an appealing target for attackers since the start of the year. The LAPSUS$ data extortion group broke into the company’s internal systems in January 2022 after obtaining remote access to a workstation belonging to a support engineer.

Then in August 2022, Group-IB unearthed a campaign dubbed 0ktapus targeting a number of companies, including Twilio and Cloudflare, that was designed to steal users’ Okta identity credentials and two-factor authentication (2FA) codes.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

Gootkit Malware Continues to Evolve with New Components and Obfuscations
ISC Releases Security Patches for New BIND DNS Software Vulnerabilities
GitHub code-signing certificates stolen (but will be revoked this week)
ESET APT Activity Report T3 2022
Black Basta Deploys PlugX Malware in USB Devices With New Technique

Leave a Reply

Your email address will not be published. Required fields are marked *