After a hacker broke into its GitHub repository, Okta said it is dealing with another big security problem.
The code repository hosting service GitHub alerted the identity and authentication industry leader on January 9 about “suspicious access.” The company issued a statement on the matter on Wednesday. Okta has found that hostile actors used this access to steal source code for the company’s enterprise-facing security product, Workforce Identity Cloud (WIC).
Okta stated in a statement, “We immediately set temporary limitations on access to Okta GitHub repositories and halted all GitHub interfaces with third-party apps after becoming aware of the suspected suspicious access.”
Okta refused to tell TechCrunch how hackers breached their systems to steal sensitive data.
Okta claims that the Okta service and client data were not compromised and that the Auth0 products it bought in 2021 are unaffected. Okta’s service security is not dependent on keeping its code under wraps. Okta has assured the public that their service is still available and safe to use.
Since being made aware of the compromise, the business claims to have cycled GitHub credentials, examined all recent contributions to Okta software repositories, and evaluated recent access to Okta software repositories. Okta also claimed to have informed the authorities.
Okta did not state whether or not it has the technological capabilities (such as logs) to determine which of its systems were accessed and whether or not any additional data was stolen.
Bleeping Computer broke the news of the latest incident at the corporation earlier this week, well before Okta made their statement public.
Okta was a victim of the now-famous Lapsus$ extortion organisation earlier this year, when they leaked images of Okta’s applications and systems after gaining access to the account of a customer care engineer at Sykes, one of Okta’s third-party service providers. In August of this year, Okta was compromised again when another cyber attempt aimed at more than 100 companies, including Twilio and DoorDash, gained access to customer data.
Subtly charming pop culture geek. Amateur analyst. Freelance tv buff. Coffee lover