Okta, however, confirmed that hackers couldn’t gain access to its services or customer data.
Okta, the authentication giant, has been subject to yet another security breach. According to reports, Okta’s source code was stolen by someone who attacked its repositories at .
David Bradbury (Okta’s Chief Security Officer) sent a confidential email to his “security contacts” revealing that Okta had discovered suspicious activity in December 2022. This led to the leakage of the code repositories.
Okta stated that they had concluded that the access was being used to duplicate Okta code repositories.
Okta stated, “We decided to share the information in accordance with our commitments to transparency and partnership for our customers.”
Bradbury claims that GitHub notified them about suspicious activity, and that someone had accessed the code repositories. Okta began an investigation into the matter and found that it had occurred. Okta responded by temporarily limiting Okta’s access to GitHub repositories. They also suspected that Okta had integrated third-party apps with GitHub.
Okta confirmed that attackers were unable to access customer data and services, according to Bleeping Computer. Users of Okta’s services (including FedRAMP, DoD and HIPAA) were not affected by the incident. They didn’t have to follow threat-prevention measures.
Notably, these users are mostly US-based healthcare and government organizations.
Okta, Cyber Attacks
Okta, a cloud-based access and identity management platform, provides single sign-on security, user provisioning and device management.
The company had already had an uneasy year in terms of security. In September, Auth0 (owned by Okta) revealed the theft of its source code.
What are the possible consequences?
It is clear that source code can be a very valuable asset. Leakage or theft could have devastating consequences. Okta is a popular authentication platform and should be worried because hackers can exploit its source code in order to launch attacks on its customers.
This breach appears to have been limited to Okta’s Workforce Identity Cloud product, and not Auth0 Customer Identity Cloud. Okta will soon share additional information about this incident.