HQ/EMEAFind out how we can help your business
Okta’s private GitHub source code repositories had reportedly been hacked last December after the firm relayed the news to its security contacts in a confidential email. As stated in the email notification, the threat actors had stolen Okta’s source code.
In the email notification, the identity and access management firm shared that GitHub had alerted them of suspicious access to its source code repositories, with hackers attempting to steal the company’s stored source codes.
The stolen source code from Okta’s GitHub repositories did not include sensitive customer data.
Fortunately, Okta clarified that its service and customer data were safe from hackers, including its HIPAA, FedRAMP, or DoD customers. They also assured that no customer action is needed following this recent cyberattack.
Researchers who received the email presumed that the incident was linked to Okta Workforce Identity Cloud (WIC) code repositories, not its Auth0 Customer Identity Cloud product. Okta also said they would publish a statement on their website soon to give the public further details of the incident.
As a precautionary measure, Okta said to have notified relevant authorities to aid them in investigating the incident’s scope and implementing possible resolutions. The company is also confident that the incident would not affect its normal business operations and its ability to serve customers.
In 2022, the identity and access management firm encountered several cybersecurity incidents. Beginning last March, Lapsus$, a ransomware gang, claimed a hack in Okta’s administrative consoles and customer data, affecting about 2.5% of its customers. The company said that this attack originated from Sitel (Sykes), its third-party contractor during that time.
By September, Okta’s Auth0 source code repositories suffered from the same incident that transpired this December after a third-party entity gained unauthorised access to the affected environment.
As of writing, the identity and access management firm has yet to publish its statement that addresses the recent hack on its GitHub source code repositories. Our security researchers will share more details about the incident as soon as developments arise.
