Okta, a leading provider of authentication and Identity and Access Management (IAM) solutions, says that its private GitHub repositories have been hacked.
BleepingComputer has seen a confidential email from Okta that stated the security incident involved threat actors taking Okta’s source code.
Source code stolen; customer data not affected
BleepingComputer obtained an email notification from Okta regarding a security incident. Okta has been sending the notification to its contacts for the past few hours. We have confirmed that the email reached multiple recipients, including IT administrators.
GitHub alerted Okta earlier this month about suspicious access to Okta’s code repositories.
David Bradbury, the company’s Chief Safety Officer (CSO), wrote in the email that “on investigation, we have determined that such access was used to copy Okta code repositories.”
Okta says that although the attackers stole its source code, they did not gain access to Okta customer or service data. Okta’s HIPAA, FedRAMP and DoD customers are not affected by the theft. The company says it does not rely on the confidentiality of its source code to protect its services. Therefore, customers are not required to take any action.
Judging by the text of the email, at the time of writing the incident is relevant to Okta Workforce Identity Cloud (WIC) code repositories, but not Auth0 Customer Identity Cloud.
Below is an excerpt from the remainder of the notification, as reviewed by BleepingComputer:
Okta was immediately notified of possible suspicious access. We placed temporary restrictions on access to Okta’s GitHub repositories and stopped all GitHub integrations with third-party apps.
To understand the extent of the exposure, we have reviewed any recent Okta Software repositories that were accessible via GitHub, checked all commits made to Okta Software repositories with GitHub, validated the code’s integrity, and rotated our GitHub credentials. We also informed law enforcement.
We have also taken measures to make sure that the code is not used to gain access to customer or company environments. Okta doesn’t anticipate that this will cause any disruption in our business, or the ability to serve our customers.
Notice: This security event applies to Okta Workforce Identity Cloud code repositories. This does not apply to any Auth0 products (Customer Identity Cloud).
This information will be shared in accordance with our partnership and commitment to transparency with customers.
Okta ends its confidential email by promising a “commitment to transparency”, and says that today’s statement will be posted on its blog.
BleepingComputer reached out to Okta with questions ahead of publication, but the company did not respond immediately.
Security incidents in Okta: Year in Review
Okta has had a tough year, with a string of security incidents and bumpy disclosures.
Okta’s Auth0 in September. The authentication provider claims that older Auth0 source code repositories had been obtained from its environment by an “unknown third-party”. Okta’s troubles began before the January hack was disclosed.
In March of this year, the data extortion group administrative consoles as well as customer data. It began uploading screenshots on Telegram showing stolen data.
Okta quickly acknowledged, after stating it was investigating the claims. The hack that Okta was referring to occurred in January 2022. It could have affected 2.5% of Okta’s customers. Given Okta’s 15,000+ customers, this number was approximately 375.
Okta also admitted that same week that it “made mistakes” in about the hack, which, according to Okta, originated with Sitel (Sykes), a third-party contractor.
Okta stated in April that January’s breach lasted for “25 consecutive minutes”, and that it had an impact significantly less than originally expected: .