Source code for Okta, a major player in the authentication industry, reportedly disappeared after a hacker gained access to the company’s GitHub repositories.

Okta allegedly informed its “security contacts” via a “‘confidential’ email notification” that it had discovered that its code repositories had been copied after investigating suspicious activity it had been alerted to earlier this month.

The notification goes on to state that whoever was responsible for the attack did not gain access to Okta’s services or customer data. Customers who use Okta for compliance with HIPAA, FedRAMP, or the Department of Defense have not been impacted and do not need to take any action.

Commonly Aimed At

BleepingComputer discovered that the incident appears to be connected to Okta Workforce Identity Cloud (WIC) code repositories, but not Auth0 Customer Identity Cloud products.

Cybercriminals place a high value on a company’s source code, according to Rapid7’s SVP Chief Scientist Raj Samani, who commented on the news.

According to Samani’s team’s findings, “from April 2020 through February 2022, 12% of data disclosures contained intellectual property.” Because stolen source code can be used to probe a company for security flaws and launch additional attacks, keeping it safe is of the utmost importance.

Okta has not commented on the breach publicly yet, but it is the most recent security incident for the company in 2022.

Okta’s administrative consoles were compromised and customer data was stolen in March, when the notorious extortion group Lapsus$ made the announcement.

Similarly, Auth0 (now owned by Okta) reported in September that a “third-party individual” had stolen some legacy source code. It was never determined how it happened, so it is unknown if malware (opens in new tab) was used.