When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Identity management solutions provider Okta gets its GitHub account hacked

Identity and access management solutions provider Okta has announced that its private GitHub source code repositories were recently hacked.

According to a security incident notification email obtained by BleepingComputer, GitHub alerted Okta about suspicious access to its code repositories earlier this month. "Upon investigation, we have concluded that such access was used to copy Okta code repositories," according to the email.

Despite this development, the threat actors were not able to infiltrate customer data or the Okta service. "No customer action is required and the Okta service remains fully operational and secure," the email stated.

What's more, as soon as Okta learned of the potential suspicious access, it claims to have placed temporary access restrictions to their GitHub repositories and suspended all GitHub integrations with third-party applications:

We have since reviewed all recent access to Okta software repositories hosted by GitHub to understand the scope of the exposure, reviewed all recent commits to Okta software repositories hosted with GitHub to validate the integrity of our code, and rotated GitHub credentials. We have also notified law enforcement.

Additionally, we have taken steps to ensure that this code cannot be used to access company or customer environments. Okta does not anticipate any disruption to our business or our ability to service our customers as a result of this event.

Okta says that it will make a statement regarding the incident today on its blog.

This is just one of many security incidents that Okta has suffered this year. Back in March, international hacker group Lapsus$ published screenshots revealing that it had accessed the company's internal systems and customer data. And in September, Okta-owned Auth0 disclosed that its source code repositories dating from October 2020 and earlier were obtained by a third-party individual.

Source: BleepingComputer

Report a problem with article
A broken Windows 11 logo indicating bugs
Next Article

New Intel Wi-Fi and Bluetooth drivers fix BSOD and streaming glitches on Windows 11 and 10

A graphic showing Microsoft acquiring Activision Blizzard
Previous Article

Group of gamers sue Microsoft over $69 billion Activision Blizzard acquisition

Join the conversation!

Login or Sign Up to read and post a comment.

1 Comment - Add comment