Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed in an unauthorized manner earlier this month.
“There is no impact to any customers, including any HIPAA, FedRAMP or DoD customers,” the company said in a public statement. “No action is required by customers.”
The security event, which was first reported by Bleeping Computer, involved unknown threat actors gaining access to the Okta Workforce Identity Cloud (WIC) code repositories hosted on GitHub. The access was subsequently abused to copy the source code.

The cloud-based identity management platform noted that it was alerted to the incident by Microsoft-owned GitHub in early December 2022. It also emphasized that the breach did not result in unauthorized access to customer data or the Okta service.
On discovering the lapse, Okta said it placed temporary restrictions on repository access and that it suspended all GitHub integrations with other third-party applications.
The San Francisco-headquartered company further said it reviewed the repositories that were accessed by the intruders and examined the recent code commits to ensure that no improper changes were made. It has also rotated GitHub credentials and notified law enforcement of the development.
“Okta does not depend on the confidentiality of its source code for the security of its products and services,” the company said.
The alert arrives nearly three months after Auth0, which Okta acquired in 2021, revealed a “security event” pertaining to some of its code repository archives from 2020 and earlier.
Okta has emerged as an appealing target for attackers since the start of the year. The LAPSUS$ data extortion group broke into the company’s internal systems in January 2022 after gaining remote access to a workstation belonging to a support engineer.
Then in August 2022, Group-IB unearthed a campaign dubbed 0ktapus targeting a number of companies, including Twilio and Cloudflare, that was designed to steal users’ Okta identity credentials and two-factor authentication (2FA) codes.
Some parts of this article are sourced from:
thehackernews.com