Okta Source Code Stolen from GitHub in Third Breach of 2022
The source code theft reportedly affected Okta Workforce Identity Cloud repositories on GitHub.
Identity management leader Okta confirmed that its GitHub repositories were breached this month. Threat actors were able to steal the company’s source code after compromising its Workforce Identity Cloud repositories on GitHub.
According to a confidential email notification sent by Okta internally and seen by BleepingComputer, GitHub notified the San Francisco-based company of suspicious activity in its code repositories in December 2022.
Okta’s internal email and public advisory says unknown threat actors copied some GitHub repositories containing source code but clarified that no customer data or company infrastructure was impacted. The incident was reportedly limited to Okta Workforce Identity Cloud repositories.
“We have confirmed no unauthorized access to the Okta service, and no unauthorized access to customer data. There is no impact to any customers, including any HIPAA, FedRAMP or DoD customers,” the email reads.
“No customer action is required and the Okta service remains fully operational and secure.” Okta restricted access to GitHub upon being notified by Microsoft-owned GitHub and suspended integrations with third-party applications.
See More: LastPass Hacked, Portion of Source Code Stolen Following a Developer Account Breach
Exposed source code can have a two-fold impact on organizations. It can expose the inner workings of a software product or web-based platform and lead hackers straight to vulnerabilities, if any. Additionally, organizations can inadvertently embed passwords or other sensitive information within the source code, as Toyota found the hard way in October 2022.
Okta added in its email, “We have taken steps to ensure that this code cannot be used to access company or customer environments. Okta does not anticipate any disruption to our business or our ability to service our customers as a result of this event.”
Okta is an attractive target for cybercriminals, given its access management product line and solid customer base. In its Q3 2022 earnings release in late November, the company said it has approximately 17,000 customers leveraging its platform. There is even a dedicated phishing campaign named 0ktapus wherein threat actors seek to compromise Okta identity credentials and two-factor authentication (2FA) codes.
In January 2022, the company was targeted by the Lapsus$ cyber extortion group, which the company didn’t disclose until Lapsus$ did in March 2022. Fortunately, the Lapsus$ attack, which was initially believed to have compromised 2.5% of the then 15,000 Okta customers (375 organizations), turned out far less damaging.
Later in September 2022, Okta suffered a breach of Auth0 code repositories. Auth0 Customer Identity Cloud remains unaffected in the latest breach.
Let us know if you enjoyed reading this news on LinkedIn, Twitter, or Facebook. We would love to hear from you!
Image source: Shutterstock
MORE ON DATA BREACHES
