Okta confirms another breach after hackers steal source code

Okta has confirmed that it’s responding to another major security incident after a hacker accessed its source code following a breach of its GitHub repositories.

The identity and authentication giant said in a statement on Wednesday that it was informed by GitHub about “suspicious access” to its code repositories earlier this month. Okta has since concluded that hackers used this malicious access to copy code repositories associated with Workforce Identity Cloud (WIC), the organization’s enterprise-facing security solution.

“As soon as Okta learned of the possible suspicious access, we promptly placed temporary restrictions on access to Okta GitHub repositories and suspended all GitHub integrations with third-party applications,” Okta said in a statement.

When asked by TechCrunch, Okta declined to say how attackers managed to gain access to its private repositories.

Okta says there was no unauthorized access to the Okta service or customer data, and products related to Auth0 — which it acquired in 2021 — are not impacted. “Okta does not rely on the confidentiality of its source code for the security of its services. The Okta service remains fully operational and secure,” Okta said.

The company said that since it was alerted to the breach, it has reviewed recent access to Okta software repositories, reviewed all recent commits to Okta software repositories and rotated GitHub credentials. Okta said it has also notified law enforcement.

Okta did not explicitly say if it has the technical means, such as logs, to detect what, if any, of its own systems were accessed or what other data may have been exfiltrated.

The company’s latest incident was first reported by Bleeping Computer earlier this week, prior to Okta’s announcement.

Earlier this year, Okta was targeted by the now-notorious Lapsus$ extortion group, which gained access to the account of a customer support engineer at Sykes, one of Okta’s third-party service providers, and posted screenshots of Okta’s apps and systems. Okta experienced a second compromise in August this year after it was targeted by another hacking campaign that breached more than 100 organizations, including Twilio and DoorDash.
