Okta has reportedly confirmed the code breach
Authentication company Okta has now confirmed recent claims and reports of data breaches affecting its internal code.
In a press release, the company reiterated the points made in the confidential email shared with its security contacts: someone managed to gain access to the company’s GitHub repository, a breach the company was notified of in early December this year.
After investigating the issue, Okta concluded that someone had copied the source code stored in the repository. It then moved to secure its environment by imposing temporary restrictions and suspending all GitHub integrations with third-party applications.
Further investigation by the company revealed that Okta’s customers, including HIPAA, FedRAMP, and DoD customers, were unaffected by this incident and therefore do not need to do anything. “Okta does not rely on the confidentiality of its source code for the security of its services,” the announcement said. “Okta services are fully operational and secure.”
The breach is related to Okta’s Workforce Identity Cloud (WIC) code repository
The breach relates to Okta’s Workforce Identity Cloud (WIC) code repository; the firm has confirmed that it is not associated with any Auth0 (Customer Identity Cloud) product.
The announcement concluded that law enforcement agencies had been notified of the incident. Commenting on the news, Raj Samani, SVP Chief Scientist at Rapid7, said that a company’s source code is quite valuable to cybercriminals.
“From our own research, we know that intellectual property is a popular target for threat actors with 12% of data exposed between April 2020 and February 2022,” said Samani. “Stolen source code can be used to find hidden security vulnerabilities and launch further attacks on businesses; therefore, keeping such sensitive information secure is critical.”
This is not the first incident at Okta
This isn’t Okta’s first rodeo. Back in March, notorious extortion group Lapsus$ announced that it had breached Okta’s administrative console and stolen customer information.
Auth0, which is reported to be owned by Okta, reported a similar issue in September, when a third party was able to get its hands on old source code. How this happened was never established, and it is still unknown whether any kind of malware was involved.