Okta, a company that provides identity and access management services, revealed Wednesday that some of its source code repositories were compromised earlier this month.
“No customers, including HIPAA, FedRAMP, or DoD customers, are affected,” the company said in an official statement. “You don’t have to do anything.”
A security event originally reported by Bleeping Computer involved an unidentified attacker gaining access to the Okta Workforce Identity Cloud (WIC) code repository hosted on GitHub. This access was then exploited to copy the source code.
The cloud-based identity management platform noted that it was alerted to an incident by Microsoft-owned GitHub in early December 2022. It also emphasized that the breach did not lead to unauthorized access to customer data or Okta services.
Upon discovering the revocation, Okta said it had temporarily restricted access to its repositories and suspended all GitHub integrations with other third-party applications.
The San Francisco-based company also said it reviewed repositories accessed by the intruders and investigated recent code commits to ensure no inappropriate changes were made. We also rotated our GitHub credentials and notified law enforcement about our development.
“Okta does not rely on source code confidentiality for the security of its services,” the company said.
The alert comes almost three months after Auth0, which Okta acquired in 2021, revealed a “security event” involving some of its pre-2020 code repository archives.
Okta has emerged as an attractive target for attackers this year. The LAPSUS$ data extortion group compromised internal systems in January 2022 after gaining remote access to a workstation owned by a support engineer.
Then, in August 2022, Group-IB discovered a campaign called 0ktapus targeting a number of companies, including Twilio and Cloudflare. The campaign is designed to steal the user’s Okta ID credentials and his two-factor authentication (2FA) code.
