Okta, a leading manufacturer of Authentication Service and Identity Access Management (IAM) solutions, announced that private GitHub accounts were hacked this month.
According to the confidential e-mail sent by Okta, the security incident contains attack vectors that could potentially steal Okta’s source code.
Okta Source Code Stolen But Customer Data Unaffected
Okta sent a confidential e-mail to the security units, stating that a critical security incident notification was received in the e-mail content.
Multiple sources, including IT administrators, have been confirmed to receive this email notification.
Earlier this month, GitHub notified Okta of suspicious access to their code repositories with a notification.
“Upon investigation, we concluded that this type of access and attack was done to copy Okta’s code repositories,” David Bradbury, the company’s chief security officer (CSO), said in an email.
The company says that although Okta’s source code was stolen, the attackers did not gain unauthorized access to the Okta service or customer data.
As soon as Okta learned of the possible suspicious access, GitHub immediately placed temporary restrictions on repository access and suspended GitHub integrations with third-party apps. Okta reviewed all recent accesses to the software repositories to verify the integrity of the source code found by GitHub. The incident was also reported to law enforcement. In addition, some steps have been taken to prevent this code from being used to access corporate or customer environments. As a result, it was stated that no disruptions were foreseen in the business, in the ability to provide service to customers.
Okta Security Incidents Occurring This Year
It has been a very difficult year for Okta in terms of security, with a series of security incidents and ups and downs.
In September, Okta-owned Auth0 announced a similar case. According to the authentication service provider, legacy Auth0 source code repositories were compromised by “a third-party individual” through unknown means.
In March, the Lapsus group stated that it started posting screenshots of data stolen as a result of its data breach on Telegram. Lapsus claimed that Okta had access to customer data.
Shortly after stating that it was investigating these allegations, Okta admitted that the hack actually took place in late January 2022 and affected 2.5% of its customers.
That same week, Okta stated that he made a mistake in delaying the disclosure of this hack.
Related Article: Okta’s source code stolen after GitHub repositories hacked (bleepingcomputer.com)
To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.