Okta's GitHub Repository Hacked; Code Stolen, Customers Safe
Source Code of Only Workforce Identity Cloud Code Repositories Stolen
Identity and access management company Okta revealed that its private GitHub repositories were accessed earlier in the month, resulting in the theft of source code from its Workforce Identity Cloud code repositories. "No customer data was impacted," Okta says.
Okta says the hack did not affect its Auth0 Customer Identity Cloud products or any of its databases or other services, and there was no unauthorized access to any of Okta's products or services.
A spokesperson for Okta confirmed to Information Security Media Group that "no customer data was impacted, nor was there any other customer impact." Okta's customers include U.S. government agencies that handle data regulated by HIPAA, FedRAMP and the Department of Defense.
The company "does not rely on the confidentiality of its source code as a means to secure its services," the Okta spokesperson said.
GitHub alerted Okta to possible "suspicious" unauthorized access to some of the Okta repositories hosted on GitHub's platform in early December. Okta's security team investigated the claims and concluded that the access was used to copy Okta's Workforce Identity Cloud code repositories.
Okta suspended all GitHub integrations with third-party applications after GitHub's notification.
Okta's investigation reviewed all recent access to Okta software repositories and examined all recent commits to its software repositories hosted with GitHub. It also rotated GitHub credentials and informed law enforcement agencies of the development.
Okta says it has now taken additional steps to prevent access to the company or customer environments using the stolen code, but the company declined to disclose what these measures were. "Okta does not anticipate any disruption to our business or our ability to service our customers as a result of this event," the company said.
Okta Breaches in 2022
Okta emerged as a prime target for hackers this year. In August, Okta suffered a customer data breach due to a "relentless phishing campaign" that hit several other technology firms. Okta customer authentication data was exposed in the attack on the customer engagement platform Twilio (see: Okta Customer Data Exposed via Phishing Attack on Twilio).
In March, the notorious Lapsus$ group, which went on a hacking spree and hit several high-profile companies, claimed it had administrative access to Okta's internal consoles and customer data and began posting screenshots of the stolen data on Telegram. Okta acknowledged that the hack had taken place in January 2022 and potentially affected 2.5% of its customers (see: Okta, Microsoft Confirm Breaches Connected to Lapsus$ Hack).
That same week, Okta said it should have notified customers of a breach earlier and that Lapsus$ compromised a laptop belonging to Sitel, a third-party customer support firm, via remote desktop protocol, enabling it to infiltrate Okta's network (see: Okta Says It 'Should Have Moved More Swiftly' Over Breach).
In April, Okta confirmed that the January hack was actually very small and limited to only two customers (see: Okta: Hackers Accessed Just 2 Customer Tenants in Breach).