
Hackers Breach Okta’s GitHub Repositories, Steal Source Code

December 22, 2022

Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed in an unauthorized manner earlier this month.

“There is no effect to any consumers, such as any HIPAA, FedRAMP or DoD buyers,” the company said in a public statement. “No motion is essential by customers.”

The security event, which was first reported by Bleeping Computer, involved unidentified threat actors gaining access to the Okta Workforce Identity Cloud (WIC) code repositories hosted on GitHub. The access was subsequently abused to copy the source code.


The cloud-based identity management platform noted that it was alerted to the incident by Microsoft-owned GitHub in early December 2022. It also emphasized that the breach did not result in unauthorized access to customer data or the Okta service.

On discovering the lapse, Okta said it placed temporary restrictions on repository access and that it suspended all GitHub integrations with other third-party applications.

The San Francisco-headquartered company further said it reviewed the repositories that were accessed by the thieves and examined the recent code commits to ensure that no improper changes had been made. It has also rotated GitHub credentials and notified law enforcement of the development.

“Okta does not depend on the confidentiality of its source code for the security of its products and services,” the company said.

The alert comes nearly three months after Auth0, which Okta acquired in 2021, disclosed a “security event” pertaining to some of its code repository archives from 2020 and earlier.

Okta has emerged as an attractive target for attackers since the start of the year. The LAPSUS$ data extortion group broke into the company’s internal systems in January 2022 after gaining remote access to a workstation belonging to a support engineer.

Then in August 2022, Group-IB uncovered a campaign dubbed 0ktapus targeting a number of companies, including Twilio and Cloudflare, that was designed to steal users’ Okta identity credentials and two-factor authentication (2FA) codes.

Some parts of this article are sourced from:
thehackernews.com
