Okta confirms another breach after hackers stole source code • InNewCL
Okta has confirmed that it is responding to another major security incident after a hacker breached its GitHub repositories and accessed its source code.
The identity and authentication giant said in a statement on Wednesday that it was notified by GitHub earlier this month of “suspicious access” to its code repositories. Okta has since concluded that hackers used this malicious access to copy code repositories connected to Workforce Identity Cloud (WIC), the company’s enterprise-grade security solution.
“As soon as Okta became aware of the possible suspicious access, we immediately temporarily restricted access to Okta GitHub repositories and suspended all GitHub integrations with third-party applications,” Okta said in a statement.
When asked by InNewCL, Okta declined to say how attackers managed to gain access to its private repositories.
According to Okta, there was no unauthorized access to the Okta service or customer data, and products related to Auth0 — which was acquired in 2021 — are not affected. “Okta does not rely on the confidentiality of its source code for the security of its services. The Okta service remains fully operational and secure,” said Okta.
The company said that since it was made aware of the breach, it has reviewed recent access to Okta software repositories, reviewed all recent commits to Okta software repositories, and rotated GitHub credentials. Okta said it also notified law enforcement.
Okta did not specifically say whether it has the technical means, such as logs, to determine which of its own systems have been accessed or what other data may have been exfiltrated.
The company’s latest incident was first reported by Bleeping Computer earlier this week, ahead of Okta’s announcement.
Earlier this year, Okta was targeted by the now infamous Lapsus$ ransomware group, which gained access to an account manager at Sykes, one of Okta’s third-party vendors, and released screenshots of Okta’s apps and systems. Okta experienced a second breach this August after being targeted by another hacking campaign that breached more than 100 organizations including Twilio and DoorDash.