© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Okta acknowledges breach of company’s code repositories

Security provider Okta confirmed that its private GitHub code repositories were hacked earlier this month. The company insists there was no impact on any customers.

The news about the breach at Okta, a provider of authentication services and Identity and Access Management (IAM) solutions, was first reported by Bleeping Computer, and the company now confirmed the information.

According to a confidential security incident notification sent by Okta to ‘security contacts’ and seen by reporters, GitHub, an open-source software development platform, alerted the company of suspicious access to Okta’s code repositories.

All GitHub integrations suspended

In the email, David Bradbury, the company’s Chief Security Officer, says Okta has concluded those code repositories were copied. However, in a later public statement, Okta only mentions “a recent security event affecting Okta code repositories.”

“There is no impact to any customers, including any HIPAA (The Health Insurance Portability and Accountability Act , FedRAMP (The Federal Risk and Authorization Management Program) or DoD (Department of Defense) customers. No action is required by customers,” Okta said.

The company stressed that the incident was only related to Okta Workforce Identity Cloud code repositories – it didn’t pertain to any Customer Identity Cloud products. The investigation allegedly concluded there was no unauthorized access to the Okta service.

Besides, “Okta does not rely on the confidentiality of its source code for the security of its services,” the statement says.

As soon as Okta learned of the possible suspicious access, the company placed temporary restrictions on access to Okta GitHub repositories and suspended all GitHub integrations with third-party applications. Law enforcement was also notified.

It has to be said, though, that even if Okta’s customer data was not stolen, recent history could indicate that Okta and GitHub were possibly targeted as links to reach other victims further down the chain.

Okta is a prime target for exploitation by malicious actors seeking to compromise organizations using Okta that depend on the company for managing their identity and access to their applications and services.

Increased risk

However, the world has already seen similar exploitation of IAM systems, such as the Uber breach where the attackers found a way to access its Privileged Access Management service.

There’s also the famous SolarWinds breach that gave hackers access to a who’s who list of victims, including US government organizations. Attackers used credentials found in a publicly accessible GitHub repository.

It’s probably not a coincidence that the freshest incident follows GitHub’s recent announcement that they’re going to require 2FA (two-factor authentication) to access repositories, recognizing that there is an increased risk in these kinds of attacks.

It’s been a difficult year for Okta. In March 2022, the Lapsus$ extortion group announced it had stolen sensitive data from Okta, including customer data, and published screenshots of the stolen data on its Telegram channel.

Even though experts later claimed the group exaggerated the scale of access, Okta soon admitted it could have disclosed news of the hack earlier as the breach occurred in late January.

More from Cybernews:

Shoemaker Ecco leaks over 60GB of sensitive data for 500+ days

Guardian newspaper hit by suspected ransomware attack

Two charged over digital queue-jumping scam at JFK airport

German industrial giant ThyssenKrupp under a cyberattack

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked