Okta’s code repositories reportedly breached in cyberattack

SECURITY

Okta Inc. has experienced a data breach in which hackers accessed some of its source code repositories, BleepingComputer reported today. 

Nasdaq-listed Okta provides an identity management platform that companies use to process login requests to their applications. The platform also eases a number of related cybersecurity tasks. Last quarter, Okta disclosed that its platform is used by more than 17,000 organizations worldwide. 

According to BleepingComputer, Okta has issued a confidential security advisory about a data breach that affected some of its GitHub repositories. The repositories hosted parts of the source code for the company’s flagship identity management platform. In the advisory, Okta Chief Security Officer David Bradbury stated that the hackers didn’t gain access to the company’s infrastructure or customer data.

Okta’s identity management platform includes multiple products. Hackers gained access to the source code for the Workforce Identity Cloud product, which companies use to manage employee access to internal applications.

Okta determined that the hackers didn’t gain access to source code belonging to its Auth0 subsidiary. The subsidiary became part of Okta through a $6.5 billion acquisition that closed in February. Like its parent company, Auth0 provides an identity management platform that companies use to manage who can access their applications and how. 

“The consequences of this security incident may seem insignificant, however, access even to a small part of the source code may have a domino effect on the organization,” said Ilia Kolochenko, the founder of cybersecurity company ImmuniWeb. “Oftentimes, some parts of source code is shared among different products, offering attackers a plethora of unique opportunities to reverse engineer business-critical software and find 0-day vulnerabilities.”

Okta first became aware of the data breach earlier this month after GitHub notified the company of suspicious activity in its code repositories. In response, Okta temporarily blocked access to its GitHub environment and suspended the integrations that connect the environment with third-party applications. It has also notified law enforcement.

“Additionally, we have taken steps to ensure that this code cannot be used to access company or customer environments,” Bradbury detailed in the advisory. “Okta does not anticipate any disruption to our business or our ability to service our customers as a result of this event.”

The incident comes a few months after Okta’s Auth0 subsidiary disclosed that a hacker stole a portion of its source code. Auth0 stated that the compromised code, which was created before November 2020, can’t be used to access its network or the infrastructure of customers.

Earlier, Okta was targeted in a high-profile cyberattack carried out by the Lapsus$ hacking group. The hacking group breached a computer belonging to a company that Okta had contracted to provide support services to its customers. That compromised computer was used to access some of Okta’s internal systems.

In March, the company estimated that the breach affected about 375 customers, or 2.5% of its installed base at the time. A cybersecurity investigation later determined only two customers were impacted. Following the incident, Okta launched an initiative to improve the cybersecurity of its partners and suppliers.

Photo: Okta