Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed in an unauthorized manner earlier this month.
"There is no impact to any customers, including any HIPAA, FedRAMP, or DoD customers," the company said in a public statement. "No action is required by customers."
The security event, which was first reported by BleepingComputer, involved unidentified threat actors gaining access to the Okta Workforce Identity Cloud (WIC) code repositories hosted on GitHub. The access was subsequently abused to copy the source code.
The cloud-based identity management platform noted that it was alerted to the incident by Microsoft-owned GitHub in early December 2022. It also emphasized that the breach did not result in unauthorized access to customer data or the Okta service.
Upon discovering the lapse, Okta said it placed temporary restrictions on repository access and suspended all GitHub integrations with other third-party applications.
The San Francisco-headquartered firm further said it reviewed the repositories that were accessed by the intruders and examined recent code commits to ensure that no improper changes were made. It has also rotated GitHub credentials and informed law enforcement of the development.
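The commit review Okta describes is the kind of check any team can script after a repository-access incident: list every commit in the suspected window and flag those that are unsigned, badly signed, or authored by someone outside the team's allow-list. The following script is an added illustration, not Okta's tooling or anything from the report. It parses the output of `git log --format='%H%x1f%an%x1f%ae%x1f%aI%x1f%G?%x1f%s'` (fields separated by the ASCII unit separator, with `%G?` giving git's signature verdict); the log lines, incident window and allow-list below are all constructed for the example.

```python
"""Audit a git commit log for signs of tampering after a repository-access incident.

Added example (not Okta's code). Expected input is the output of:
  git log --format='%H%x1f%an%x1f%ae%x1f%aI%x1f%G?%x1f%s' <since>..<until>
where %G? is git's signature status: G = good, B = bad, U = good but untrusted key,
N = no signature, E = signature could not be checked, etc.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

SEP = "\x1f"  # ASCII unit separator, matching %x1f in the git format string


@dataclass
class Commit:
    sha: str
    author_name: str
    author_email: str
    authored_at: datetime
    signature_status: str  # the %G? verdict
    subject: str


def parse_log(text: str) -> list[Commit]:
    """Turn the delimited git log output into Commit records."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sha, name, email, iso_ts, sig, subject = line.split(SEP, 5)
        commits.append(Commit(sha, name, email, datetime.fromisoformat(iso_ts), sig, subject))
    return commits


def audit(commits, window_start, window_end, trusted_emails):
    """Return (sha, [reasons]) for every commit that deserves a human look.

    A commit is flagged when it falls inside the incident window (review it
    regardless), when git did not report a good signature, or when the author
    address is not on the allow-list.
    """
    findings = []
    for c in commits:
        reasons = []
        if window_start <= c.authored_at <= window_end:
            reasons.append("authored inside incident window")
        if c.signature_status != "G":
            reasons.append(f"signature status {c.signature_status!r} is not a good signature")
        if c.author_email.lower() not in trusted_emails:
            reasons.append(f"author {c.author_email} is not on the allow-list")
        if reasons:
            findings.append((c.sha, reasons))
    return findings


# --- constructed sample data (hypothetical repository, dates and people) ---
SAMPLE_LOG = "\n".join([
    SEP.join(["a1b2c3d", "Alice Dev", "alice@example.com", "2022-11-28T09:00:00+00:00", "G", "Refactor token parser"]),
    SEP.join(["b2c3d4e", "Bob Dev", "bob@example.com", "2022-12-03T14:30:00+00:00", "G", "Fix off-by-one in session cache"]),
    SEP.join(["c3d4e5f", "Alice Dev", "alice@example.com", "2022-12-04T22:15:00+00:00", "N", "Update CI config"]),
    SEP.join(["d4e5f6a", "Deploy Bot", "ci@unknown-host.invalid", "2022-12-05T03:40:00+00:00", "N", "Bump dependencies"]),
])
# Hypothetical incident window; the real dates would come from the provider's alert.
WINDOW_START = datetime(2022, 12, 1, tzinfo=timezone.utc)
WINDOW_END = datetime(2022, 12, 7, 23, 59, 59, tzinfo=timezone.utc)
TRUSTED_AUTHORS = {"alice@example.com", "bob@example.com"}


if __name__ == "__main__":
    for sha, reasons in audit(parse_log(SAMPLE_LOG), WINDOW_START, WINDOW_END, TRUSTED_AUTHORS):
        print(sha)
        for r in reasons:
            print("   -", r)
```

Run against a real repository by piping the `git log` command from the docstring into `parse_log`; the allow-list should come from your identity provider or CODEOWNERS rather than being typed by hand, and any commit with a bad or missing signature inside the window is worth diffing against the last known-good tag before it is trusted.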
"Okta does not rely on the confidentiality of its source code for the security of its services," the company noted.
The alert comes nearly three months after Auth0, which Okta acquired in 2021, revealed a "security event" pertaining to some of its code repository archives from 2020 and earlier.
Okta has emerged as an attractive target for attackers since the start of the year. The LAPSUS$ data extortion group broke into the company's internal systems in January 2022 after obtaining remote access to a workstation belonging to a support engineer.
Then in August 2022, Group-IB unearthed a campaign dubbed 0ktapus targeting a number of companies, including Twilio and Cloudflare, that was designed to steal users' Okta identity credentials and two-factor authentication (2FA) codes.