Okta Confirms Some Source Code Stolen By Hacker

The San Francisco-based security firm says data was copied after an intruder gained access to its GitHub repositories


Cybersecurity vendor Okta is confirming that some of its source code was recently swiped after a hacker gained access to its GitHub repositories.

In a statement, the San Francisco-based identity and access management solutions provider emphasized that its customers were not impacted by the breach and that no action is required by customers.

But Okta, which has been involved in two other cybersecurity incidents this year, did say that some of its source code was accessed by a hacker.

“In early December 2022, GitHub alerted Okta about possible suspicious access to Okta code repositories,” the company said in its statement. “Upon investigation, we have concluded that such access was used to copy Okta code repositories.”

The company added: “As soon as Okta learned of the possible suspicious access, we promptly placed temporary restrictions on access to Okta GitHub repositories and suspended all GitHub integrations with third-party applications.”

The incident involved Okta Workforce Identity Cloud (WIC) code repositories and wasn’t tied to any Auth0 (Customer Identity Cloud) products, the company said.

“Our investigation concluded that there was no unauthorized access to the Okta service, and no unauthorized access to customer data,” the company said.

Okta went out of its way to stress that its non-impacted customers include HIPAA, FedRAMP and DoD customers.

The company added: “Okta does not rely on the confidentiality of its source code for the security of its services. The Okta service remains fully operational and secure.”

Okta said it has conducted an inspection of its GitHub technical ties.

“We have since reviewed all recent access to Okta software repositories hosted by GitHub to understand the scope of the exposure, reviewed all recent commits to Okta software repositories hosted with GitHub to validate the integrity of our code, and rotated GitHub credentials.”

The company said that it has notified law enforcement about the incident.

A representative for Okta could not be reached for further information, including details on how an intruder gained access to its repositories.

This is the third major cybersecurity incident this year involving the publicly traded Okta.

In March, the ransomware gang Lapsus$ posted screenshots to its Telegram channel of what it alleged was data from customers of Okta.

This past summer, the company experienced yet another compromise as a result of a wider hacking campaign that included more than 100 organizations, including Twilio.