Okta, which provides access management and identity services, revealed Wednesday that some of its source codes repositories had been accessed unauthorized manner earlier this month.
“There is no impact to any customers, including any HIPAA, FedRAMP or DoD customers,” the company said in a public statement. “No action is required by customers.”
It involved unidentified threat agents gaining access to Okta Workforce Identity Cloud code repositories on GitHub. This access was then used to copy the source code.
Cloud-based identity management platform, which is cloud-based, stated that it was alerted by Microsoft-owned GitHub in December 2022. The platform said that the Okta service and customer data were not unauthorizedly accessed.
Okta stated that it had temporarily placed restrictions on repository access after discovering the lapse and suspended all GitHub integrations to third-party apps.
The San Francisco-headquartered firm further said it reviewed the repositories that were accessed by the intruders and examined the recent code commits to ensure that no improper changes were made. It also provided information to law enforcement about the development and rotated GitHub credentials.
The company stated that “Okta does not rely on the confidentiality of its source code for the security of its services,” the company noted.
This alert comes almost three months after Okta, which Okta bought in 2021, disclosed a “security incident” about some code repository archives dating back to 2020 and earlier.
Since the beginning of the year, Okta has been a popular target for attackers. After gaining remote access to the workstation of a support engineer, the LAPSUS$ data extortion team broke into the company’s internal systems in January 2022.
Group-IB discovered a campaign called 0ktapus in August 2022 that targeted a variety of companies, including Twilio, Cloudflare, and Twilio. It was intended to steal Okta identities and two-factor authentication (2FA) codes.