Okta's GitHub source code stolen, company downplays impact – Cybersecurity Dive

This marks the third major security incident to hit Okta this year. The company has more than 14,000 customers and at least 7,000 integrations with cloud, mobile, web and IT infrastructure providers, according to its annual report.
Okta earlier this year initially denied then later admitted it was breached by the extortion group Lapsus$. The group gained access to Okta data through a third-party vendor, then published screenshots months later to boast of the exploit and goad Okta’s response.
In August, Okta was one of 163 Twilio customers impacted by an expansive phishing attack.
That campaign, dubbed Oktapus by researchers at Group-IB, compromised 10,000 credentials across 136 organizations. Some of those included Okta identity credentials and one-time authentication codes.
In the latest incident, Okta downplayed the impact of the theft of code repositories on GitHub.
“Okta does not rely on the confidentiality of its source code for the security of its services,” an Okta spokesperson said in a statement. “This event does not impact any other Okta products, and we have been in communication with our customers.”
The company said it temporarily restricted access to the GitHub repositories and suspended GitHub integrations with third-party applications to review all recent commits to Okta repositories and validate the integrity of its code. GitHub credentials were also rotated, the company said.
“Source code has been a common target for threat actors for years,” Zaid Al Hamami, founder and CEO at DevSecOps startup BoostSecurity, said via email.
“Even though losing the source code does not directly imply that customer account breaches have occurred, attackers can go on to scan the code for additional vulnerabilities, tokens or insights that could lead to further breaches in the development and/or the production environment,” he said.
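The response steps described above, reviewing recent commits for integrity and rotating any credentials the code may expose, can be scripted on the defender's side. The following is an added example, not code from Okta or GitHub: it parses the output of `git log --format='%h|%ae|%G?|%s'`, flags commits whose author is outside an assumed allowlist or whose signature status is not "good", and inventories credential-like strings in source text so that each one can be rotated. The commit hashes, author addresses, allowlist and source snippet are all constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed output of `git log --format='%h|%ae|%G?|%s'` for a hypothetical
# repository; hashes, addresses and subjects are made up for this example.
SAMPLE_GIT_LOG = """\
1a2b3c4|alice@example.com|G|Harden token parser against empty input
5d6e7f8|bob@example.com|G|Bump dependency versions
9a0b1c2|unknown@mail.invalid|N|Update build script
3d4e5f6|alice@example.com|N|Minor refactor
"""

# Assumed allowlist of committer identities for the repository.
TRUSTED_AUTHORS = {"alice@example.com", "bob@example.com"}


@dataclass(frozen=True)
class Commit:
    sha: str
    author: str
    sig: str      # git %G? code: G = good signature, N = no signature, others = problem
    subject: str


def parse_git_log(text: str) -> list[Commit]:
    """Parse pipe-separated git log lines into Commit records."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sha, author, sig, subject = line.split("|", 3)
        commits.append(Commit(sha, author, sig, subject))
    return commits


def review_commits(commits, trusted=TRUSTED_AUTHORS) -> dict[str, list[str]]:
    """Map each commit that needs manual review to the reasons it was flagged."""
    findings: dict[str, list[str]] = {}
    for c in commits:
        reasons = []
        if c.author not in trusted:
            reasons.append(f"author {c.author} not in allowlist")
        if c.sig != "G":
            reasons.append(f"signature status {c.sig!r} (expected 'G')")
        if reasons:
            findings[c.sha] = reasons
    return findings


# Credential-shaped patterns; a hit means "rotate this", not "it is valid".
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    # keyword followed by an assignment of a quoted literal of 8+ characters
    "generic_assignment": re.compile(
        r"(?i)(?:api[_-]?key|secret|token|password)\s*[:=]\s*['\"][^'\"]{8,}['\"]"
    ),
}


def find_secrets(source: str) -> list[tuple[int, str]]:
    """Return (line number, pattern name) for every credential-like literal."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for name, pat in SECRET_PATTERNS.items():
            if pat.search(line):
                hits.append((lineno, name))
    return hits


# Constructed source snippet; the AWS key is Amazon's documented example value
# and the GitHub token is a made-up string of the right shape.
SAMPLE_SOURCE = """\
import os
AWS_KEY = "AKIAIOSFODNN7EXAMPLE"   # hard-coded credential
token = os.environ["GITHUB_TOKEN"]  # fine: read from the environment
gh = "ghp_0123456789abcdef0123456789abcdef0123"
db_password = "correct-horse-battery"
"""

if __name__ == "__main__":
    for sha, reasons in review_commits(parse_git_log(SAMPLE_GIT_LOG)).items():
        print(f"review commit {sha}: {'; '.join(reasons)}")
    for lineno, name in find_secrets(SAMPLE_SOURCE):
        print(f"rotate credential at line {lineno}: {name}")
```

Both checks deliberately err toward false positives: an unsigned commit from a trusted author still lands on the review list, and any literal that looks like a credential is reported for rotation, since after a source leak the cost of rotating one extra token is far lower than missing one.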