Did the Okta source code leak affect your personal information? Read on to learn more.
American identity and access management firm Okta, Inc. has its headquarters in San Francisco. It offers cloud software that aids businesses in managing and securing user authentication into applications and enables developers to incorporate identity management into software, web services, and hardware.
Okta, a well-known supplier of identity and access management (IAM) systems, says its private GitHub repositories were hacked this month.
Okta source code leak did not lead to customer data losses
Earlier this month, GitHub informed Okta of unusual access to Okta’s development repositories.
“Upon investigation, we have concluded that such access was used to copy Okta code repositories,” the company’s Chief Security Officer, David Bradbury, told press representatives in an email the company sent in the interest of transparency.
Although attackers stole Okta’s source code, the company says they did not gain unauthorized access to the Okta service or user data. Since Okta “does not rely on the secrecy of its source code as a means to secure its services,” its “HIPAA, FedRAMP, or DoD customers” are unaffected. As a result, no client action is required.
Okta released a blog post on the current status of its code repositories, saying:
“Our investigation concluded that there was no unauthorized access to the Okta service, and no unauthorized access to customer data. Okta does not rely on the confidentiality of its source code for the security of its services. The Okta service remains fully operational and secure. As soon as Okta learned of the possible suspicious access, we promptly placed temporary restrictions on access to Okta GitHub repositories and suspended all GitHub integrations with third-party applications.”
“We have since reviewed all recent access to Okta software repositories hosted by GitHub to understand the scope of the exposure, reviewed all recent commits to Okta software repositories hosted with GitHub to validate the integrity of our code, and rotated GitHub credentials. We have also notified law enforcement. We have decided to share this information consistent with our commitment to transparency and partnership with our customers.”
This is not the first Okta source code leak we have seen this year
Okta has had a challenging year due to a string of security problems.
Okta-owned Auth0 disclosed a similar incident in September of this year. The authentication service vendor said that an unidentified “third-party individual” had obtained older Auth0 source code repositories from its environment. However, Okta’s issues started much earlier, during the commotion following the revelation of its January breach.
The data extortion group Lapsus$ started sharing screenshots of the stolen data on Telegram in March of this year, claiming to have access to Okta’s administrative consoles and client data. Okta initially responded that it was looking into these claims, but soon admitted that the hack in question had in fact happened in late January 2022 and might have impacted 2.5 percent of its users. Given that Okta had more than 15,000 customers at the time, this number was first believed to be around 375 enterprises.
The following week, Okta acknowledged that it had “made a mistake” in holding off on disclosing this attack, which the company claimed had been carried out by a third-party contractor named Sitel (Sykes).
Okta revealed in April that the January breach had lasted 25 consecutive minutes and that the impact was much lower than initially thought, being limited to only two customers.
Our Okta source code leak news ends here. Even though the company has been troubled by hacks this year, don’t worry about your personal data security for now. To read our previous Okta hacking news, we recommend our article titled “Lapsus Okta hack: T-Mobile, FCC, and thousands of businesses on high alert.”