Okta says its GitHub account was hacked and source code stolen

Okta, a leader in authentication services and Identity and Access Management (IAM) solutions, says that its private GitHub source code repositories have been hacked.

BleepingComputer has seen a confidential email from Okta stating that the security incident involved threat actors taking Okta’s source code.

Source code stolen; customer data not affected

BleepingComputer obtained an email notification from Okta regarding a security incident. Okta has been sending the notification to its contacts for the past few hours. We have confirmed that the email reached multiple recipients, including IT administrators.

GitHub alerted Okta earlier this month about suspicious access to Okta’s code repositories.

David Bradbury, the company’s Chief Safety Officer (CSO), wrote in the email: “Upon investigation, we have concluded that such access was used to copy Okta code repositories.”

Okta says that the attackers did not gain access to Okta customer or service data. Okta customers under HIPAA, FedRAMP and DoD are not affected by the theft. The company says it does not rely on the confidentiality of its source code to protect its services, so customers are not required to take any action.

Okta emails its ‘security contacts’ a security notification


At the time of writing, the incident relates to Okta Workforce Identity Cloud (WIC) code repositories, but not Auth0 Customer Identity Cloud, judging by the wording of the email.

Below is an excerpt from the rest of the notification that BleepingComputer has reviewed.

Okta was immediately notified of possible suspicious access. We placed temporary restrictions on access to Okta’s GitHub repositories and stopped all GitHub integrations with third-party apps.

To understand the extent of the exposure, we have reviewed any recent Okta Software repositories that were accessible via GitHub, checked all commits made to Okta Software repositories with GitHub, validated the code’s integrity, and rotated our GitHub credentials. We also informed law enforcement.

We have also taken measures to make sure that the code is not used to gain access to customer or company environments. Okta doesn’t anticipate that this will cause any disruption in our business, or the ability to serve our customers.

Notice: This security event applies to Okta Workforce Identity Cloud code repositories. This does not apply to any Auth0 products (Customer Identity Cloud).

This information will be shared in accordance with our partnership and commitment to transparency with customers.

Okta ends its confidential email, which promises a “commitment to transparency”, by saying that today’s statement will be posted on its blog.

BleepingComputer reached out to Okta with questions in advance of publishing, but the company did not respond immediately.

Security incidents at Okta – Year in Review

Okta has had a tough year, with a string of security incidents and bumpy disclosures.

In September, Okta’s Auth0 said that older Auth0 source code repositories had been obtained from its environment by an “unknown third-party”. Okta’s troubles began before the January hack was disclosed.

In March of this year, a data extortion group claimed access to Okta’s administrative consoles as well as customer data. It began uploading screenshots on Telegram showing stolen data.

After stating that it was investigating the claims, Okta quickly acknowledged that the hack being referred to had occurred in January 2022. It could have affected 2.5% of Okta’s customers. Given Okta’s 15,000+ customers, this number was approximately 375.

Okta also admitted that same week that it “made mistakes” in about the hack, which, according to Okta, originated with Sitel (Sykes), a third-party contractor.

Okta stated in April that January’s breach lasted for “25 consecutive minutes”, and that it had an impact significantly less than originally expected.