Skip to content

Okta’s Github account gets hacked, source code stolen

  • by
  • 2 min read

According to a confidential email notification sent by Okta, the company’s private source code repositories were hacked earlier this month. According to the notification, Github informed Okta of suspicious activity on their account, and the incident does involve Okta’s source code being leaked. 

BleepingComputer reports having seen the notification and confirmed with multiple sources, including IT admins, who have been receiving these notifications. Despite stealing Okta’s source code, the attackers did not gain access to Okta’s service or customer data. 

The company’s HIPAA, FedRAMP, or DoD customers remain unaffected; hence, no customer action is required. Okta doesn’t anticipate any disruptions to the business or to its customers due to the incident. The email notification clearly stated that the company doesn’t rely on the “confidentiality of its source code for the security of its services”. 

Only Okta’s Workforce Identity Cloud code repositories seem to be affected by the attack. Note that this differs from Auth0’s Customer Identity Cloud, which is an Okta-owned company but not the same thing. 

Upon disclosure from Github, the company placed temporary restrictions on access to its Github repositories and suspended all Github integrations to third-party services.

Additionally, Okta has since reviewed all recent access to its repositories to understand the extent of the exposure and reviewed all recent commits to ensure the validity and integrity of the code. Finally, the company has rotated all of its Github credentials and informed law enforcement of the breach. 

Overall, 2022 has been a rough year for the company in terms of security incidents and spotty disclosures. In March this year, the company was breached by the Lapsus$ ransomware group, which claimed to have access to internal company data and could reset employee passwords in addition to accessing its Slack and Jira servers. 

Okta-owned Auth0 was also breached in September, where an unknown individual obtained the company’s older source code repositories via its environment. 

In the News: Pixel 8 leak suggests major camera upgrade

>