• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
hackers breach okta's github repositories, steal source code

Hackers Breach Okta’s GitHub Repositories, Steal Source Code

You are here: Home / General Cyber Security News / Hackers Breach Okta’s GitHub Repositories, Steal Source Code
December 22, 2022

Okta, a firm that delivers id and obtain management companies, disclosed on Wednesday that some of its resource code repositories ended up accessed in an unauthorized manner previously this month.

“There is no effect to any consumers, such as any HIPAA, FedRAMP or DoD buyers,” the corporation stated in a community assertion. “No motion is essential by customers.”

The security event, which was initial described by Bleeping Personal computer, concerned unknown risk actors attaining obtain to the Okta Workforce Id Cloud (WIC) code repositories hosted on GitHub. The entry was subsequently abused to copy the resource code.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


The cloud-based mostly identity administration system noted that it was alerted to the incident by Microsoft-owned GitHub in early December 2022. It also emphasized that the breach did not final result in unauthorized accessibility to purchaser info or the Okta support.

CyberSecurity

On getting the lapse, Okta stated it positioned momentary restrictions on repository access and that it suspended all GitHub integrations with other third-party programs.

The San Francisco-headquartered agency further reported it reviewed the repositories that were accessed by the thieves and examined the new code commits to ensure that no poor adjustments have been manufactured. It has also rotated GitHub credentials and educated regulation enforcement of the enhancement.

“Okta does not depend on the confidentiality of its source code for the security of its products and services,” the corporation mentioned.

The alert arrives virtually three months right after Auth0, which Okta obtained in 2021, uncovered a “security event” pertaining to some of its code repository archives from 2020 and earlier.

Okta has emerged as an appealing goal for attackers considering the fact that the start of the yr. The LAPSUS$ data extortion group broke into the company’s interior systems in January 2022 after acquiring distant accessibility to a workstation belonging to a assistance engineer.

Then in August 2022, Group-IB unearthed a marketing campaign dubbed 0ktapus focusing on a quantity of providers, such as Twilio and Cloudflare, that was designed to steal users’ Okta identity qualifications and two-factor authentication (2FA) codes.

Uncovered this write-up appealing? Observe us on Twitter  and LinkedIn to examine extra exceptional written content we put up.


Some components of this short article are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Cyber-Incident Causes System Failures at Canadian Children’s Hospital
Next Post: The scariest cyber security horror stories of 2022 the scariest cyber security horror stories of 2022»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • WhatsApp Unveils Proxy Support to Tackle Internet Censorship
  • Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub
  • Blind Eagle Hacking Group Targets South America With New Tools
  • US Family Planning Non-Profit MFHS Confirms Ransomware Attack
  • Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
  • Dridex Malware Now Attacking macOS Systems with Novel Infection Method
  • Cyber attacks on UK organisations surged 77% in 2022, new research finds
  • WhatsApp to combat internet blackouts with proxy server support
  • The IT Pro Podcast: Going passwordless
  • Podcast transcript: Going passwordless

Copyright © TheCyberSecurity.News, All Rights Reserved.