Okta breach: everything you need to know

Company Reports Unauthorized Access to GitHub Repositories

On Wednesday, Okta, a company that offers identity and access management services, announced that some of its source code repositories had been accessed without authorisation earlier in the month.

Okta shared in a public statement that “there is no impact to any customers, including any HIPAA, FedRAMP or DoD customers” and that “no action is required by customers.”

The security incident, first reported by Bleeping Computer, involved unknown threat actors gaining access to Okta’s Workforce Identity Cloud code repositories hosted on GitHub. The hackers allegedly copied the service’s source code.

While for many people this might look like a minor breach, the Kaduu Team would like to emphasise the importance of this incident. Once threat actors hold a product's source code, they can review it offline for weaknesses and test attack paths that were not visible to them from the outside, without the rate limits, logging and guesswork that black-box probing of a live service involves. Their aim is to find exploitable vulnerabilities that eventually lead to customer data, or to some other route to financial gain.

Okta, a cloud-based identity management platform, was alerted to the incident by Microsoft-owned GitHub in early December 2022, and emphasised that the breach did not result in unauthorised access to customer data or to the Okta service.


Upon discovering the unauthorised access, Okta announced that it had placed temporary restrictions on repository access and suspended all GitHub integrations with other third-party applications.

The San Francisco-based company also stated that it had reviewed the repositories accessed by the intruders and checked recent code commits for any improper changes, rotated GitHub credentials, and informed law enforcement of the incident. Okta emphasised that the security of its services does not rely on the confidentiality of its source code.
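The review step Okta describes, checking recent commits for improper changes, is something any team with exposed repositories can script. The following Python is an added example and not Okta's or Kaduu's code: it takes the output of a `git log` command with a custom format, lists the commits made in the window of exposure, and flags any that come from an account outside an allowlist or that do not carry a good signature, so a reviewer knows which diffs to read first. The allowlist addresses, the commit hashes and the sample log lines are constructed for illustration.

```python
"""Triage of recent commits after unauthorised repository access.

Added example, not code from Okta or Kaduu. It implements one review step
from the incident response described above: list the commits made during
the window of exposure and flag any that do not come from a known account
or do not carry a good signature, so a reviewer can diff those first.
"""
from __future__ import annotations

import subprocess
from dataclasses import dataclass

# One commit per line, fields separated by the ASCII unit separator (\x1f):
# full hash, author e-mail, signature status, committer date, subject.
# %G? is git's verification result: G = good signature, N = no signature,
# B = bad signature, U = good but untrusted key, E = key missing,
# X/Y = expired signature or key.
GIT_FORMAT = "%H%x1f%ae%x1f%G?%x1f%cI%x1f%s"

# Assumed allowlist of accounts permitted to commit to the repository.
KNOWN_AUTHORS = frozenset({"alice@example.com", "bob@example.com"})


@dataclass(frozen=True)
class Commit:
    sha: str
    email: str
    sig: str
    date: str
    subject: str


@dataclass(frozen=True)
class Finding:
    sha: str
    reason: str


def git_log(repo_path: str, since: str) -> str:
    """Run git log for the exposure window; returns raw text in GIT_FORMAT."""
    result = subprocess.run(
        ["git", "-C", repo_path, "log", f"--since={since}", f"--format={GIT_FORMAT}"],
        check=True, capture_output=True, text=True,
    )
    return result.stdout


def parse_log(text: str) -> list[Commit]:
    """Parse GIT_FORMAT lines; a malformed line is an error, not silently skipped."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\x1f")
        if len(parts) != 5:
            raise ValueError(f"malformed log line: {line!r}")
        commits.append(Commit(*parts))
    return commits


def triage(commits: list[Commit], known_authors=KNOWN_AUTHORS) -> list[Finding]:
    """Flag commits from unknown accounts or without a good (G) signature."""
    findings = []
    for c in commits:
        if c.email.lower() not in known_authors:
            findings.append(Finding(c.sha, f"author {c.email} not in allowlist"))
        if c.sig != "G":
            findings.append(Finding(c.sha, f"signature status {c.sig!r}, expected 'G'"))
    return findings


# Constructed sample: what git_log() would return for three commits.
SAMPLE_LOG = "\n".join([
    "\x1f".join(["a" * 40, "alice@example.com", "G", "2022-12-05T10:12:00+00:00", "Fix token TTL handling"]),
    "\x1f".join(["b" * 40, "bob@example.com", "N", "2022-12-06T16:40:00+00:00", "Update dependency lockfile"]),
    "\x1f".join(["c" * 40, "mallory@example.net", "N", "2022-12-07T02:03:00+00:00", "Add debug endpoint"]),
])


if __name__ == "__main__":
    # On a real repository replace SAMPLE_LOG with git_log("/path/to/repo", "2022-12-01").
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f.sha[:12]}  {f.reason}")
```

Two caveats apply when running this against a real repository. The author e-mail on a commit is set by whoever made the commit and is trivially forged, so the allowlist narrows the review rather than proving provenance; only the signature check ties a commit to a key, and `%G?` reports `G` only if the signing key (for web-edited commits, GitHub's own key) is in the keyring of the machine running the check. A repository that never enforced signed commits will flag everything as `N`, in which case the useful output is the set of unknown authors, and every flagged commit should still be read with `git show` before being dismissed.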

Was it the first security incident?

No. This disclosure follows another incident, made public nearly three months earlier, in which Okta's subsidiary Auth0 disclosed that some of its code repository archives from 2020 and earlier had been obtained by an unauthorised party.

Okta has been a frequent target for attacks this year. In January 2022, the LAPSUS$ data extortion group hacked into the company’s internal systems after gaining remote access to a support engineer’s workstation. Then in August 2022, cybersecurity firm Group-IB uncovered a campaign, dubbed 0ktapus, targeting several companies, including Twilio and Cloudflare, which aimed to steal Okta users’ identity credentials and two-factor authentication codes.

We will closely monitor the situation around Okta's security incidents and keep our readers informed. Meanwhile, we advise you to read our previous article about the latest Adidas data breach.

Stay up to date with exposed information online. Kaduu, with its cyber threat intelligence service, offers affordable insight into the darknet, social media and the deep web.