Okta, an organization that gives identification and entry administration providers, disclosed on Wednesday that a few of its supply code repositories have been accessed in an unauthorized method earlier this month.
“There is no such thing as a affect to any clients, together with any HIPAA, FedRAMP or DoD clients,” the corporate mentioned in a public assertion. “No motion is required by clients.”
The safety occasion, which was first reported by Bleeping Pc, concerned unidentified risk actors having access to the Okta Workforce Id Cloud (WIC) code repositories hosted on GitHub. The entry was subsequently abused to repeat the supply code.
The cloud-based identification administration platform famous that it was alerted to the incident by Microsoft-owned GitHub in early December 2022. It additionally emphasised that the breach didn’t lead to unauthorized entry to buyer information or the Okta service.
Upon discovering the lapse, Okta mentioned it positioned non permanent restrictions on repository entry and that it suspended all GitHub integrations with different third-party purposes.
The San Francisco-headquartered agency additional mentioned it reviewed the repositories that have been accessed by the intruders and examined the latest code commits to make sure that no improper modifications have been made. It has additionally rotated GitHub credentials and knowledgeable regulation enforcement of the event.
“Okta doesn’t depend on the confidentiality of its supply code for the safety of its providers,” the corporate famous.
The alert comes practically three months after Auth0, which Okta acquired in 2021, revealed a “safety occasion” pertaining to a few of its code repository archives from 2020 and earlier.
Okta has emerged as an interesting goal for attackers because the begin of the yr. The LAPSUS$ information extortion group broke into the corporate’s inner methods in January 2022 after acquiring distant entry to a workstation belonging to a help engineer.
Then in August 2022, Group-IB unearthed a marketing campaign dubbed 0ktapus concentrating on numerous corporations, together with Twilio and Cloudflare, that was designed to steal customers’ Okta identification credentials and two-factor authentication (2FA) codes.
