Getty Pictures
Single sign-on supplier Okta mentioned on Wednesday that software program code for its Okta Workforce Identification Cloud service was copied after intruders gained entry to the corporate’s non-public repository on GitHub.
“Our investigation concluded that there was no unauthorized entry to the Okta service, and no unauthorized entry to buyer information,” firm officers mentioned in an announcement. “Okta doesn’t depend on the confidentiality of its supply code for the safety of its providers. The Okta service stays absolutely operational and safe.”
The assertion mentioned that copied supply code pertains solely to the Okta Workforce Identification Cloud and doesn’t pertain to any Auth0 merchandise used with the corporate’s Buyer Identification Cloud. Officers additionally mentioned that upon studying of the breach, Okta positioned short-term restrictions on entry to the corporate’s GitHub repositories and suspended GitHub integrations with third-party apps.
“Now we have since reviewed all latest entry to Okta software program repositories hosted by GitHub to grasp the scope of the publicity, reviewed all latest commits to Okta software program repositories hosted with GitHub to validate the integrity of our code, and rotated GitHub credentials,” the assertion added. “Now we have additionally notified legislation enforcement.”
The Okta Workforce Identification Cloud supplies entry administration, governance, and privileged entry controls in a single package deal. Many giant organizations deal with this stuff piecemeal utilizing handbook processes. The service, which Okta launched final month, is designed to unify and automate these processes.
Final March, the Lapsus$ ransomware group posted pictures that appeared to point out it had obtained proprietary information from Okta and Microsoft. Okta officers mentioned the information was obtained after the menace actor gained unauthorized entry to the account of a “third-party buyer assist engineer working for considered one of our subprocessors.”
The corporate mentioned the try and breach Okta was unsuccessful and that the entry the hackers gained to the third-party account didn’t permit them to create or delete customers, obtain buyer databases, or get hold of password information. Lapsus$ members refuted this declare and famous that the screenshots indicated that they had logged into the superuser portal, a standing they mentioned gave them the power to reset the passwords and multifactor authentication credentials of 95 of Okta’s prospects.
In August, Okta mentioned that hackers who had lately breached safety supplier Twilio used their entry to acquire data belonging to an unspecified variety of Okta prospects. Twilio disclosed the breach three weeks earlier and mentioned it allowed the menace actor to acquire information for 163 prospects. Okta mentioned the menace actor might get hold of cell phone numbers and related SMS messages containing one-time passwords of a few of its prospects.
In September, Okta revealed that code repositories for Auth0, an organization it acquired in 2021, had additionally been accessed with out authorization.
Wednesday’s disclosure of the Okta source-code copying was first reported by Bleeping Pc.
