Okta has announced that it is responding to another significant security incident after a hacker gained access to its source code through a breach of its GitHub repository.
In a statement released on Wednesday, the identity and authentication leader said that GitHub had alerted it to “strange access” to its code repositories earlier in the month. Okta has since concluded that hackers used this malicious access to copy code repositories linked to Workforce Identity Cloud (WIC), the company’s business-facing security solution.
Okta released a statement saying, “We immediately suspended all GitHub interfaces with third-party applications and set temporary restrictions on access to Okta GitHub repositories as soon as we learnt of the potential suspicious access.”
TechCrunch asked Okta how attackers were able to access its private repositories, but Okta declined to comment.
According to Okta, there was no unauthorized access to the Okta service or customer data, and products connected to Auth0, which it acquired in 2021, were unaffected. “The security of Okta’s services is not dependent on the secrecy of its source code. The Okta service is still entirely secure and functional,” according to Okta.
The company said that since being made aware of the compromise, it has rotated its GitHub credentials, examined all recent commits to Okta software repositories, and evaluated recent access to those repositories. Okta said it has also notified law enforcement.
Okta did not explicitly state whether it has the technical means, such as logs, to identify which, if any, of its own systems were accessed or what other data may have been exfiltrated.
Bleeping Computer was the first to report on the latest incident at the company, ahead of Okta’s disclosure earlier this week.
Earlier this year, Okta was targeted by the now-notorious Lapsus$ extortion group, which gained access to the account of a customer support engineer at Sykes, one of Okta’s third-party service providers, and shared screenshots of Okta’s apps and systems. In August of this year, Okta suffered a second incident when it fell victim to another cyberattack that had already compromised more than 100 businesses, including Twilio and DoorDash.