Okta has confirmed that its source code has been stolen after hackers breached its GitHub repositories.
Okta, an identity and authentication security vendor confirmed yesterday in a press release.
“In early December 2022, GitHub alerted Okta about possible suspicious access to Okta code repositories. Upon investigation, we have concluded that such access was used to copy Okta code repositories,” the statement read.
The breach appears to be isolated to the stolen source code on GitHub, and did not affect any Okta customers.
“Our investigation concluded that there was no unauthorized access to the Okta service, and no unauthorized access to customer data. Okta does not rely on the confidentiality of its source code for the security of its services. The Okta service remains fully operational and secure,” the statement continued.
Additional restrictions were placed on Okta GitHub repositories, and all GitHub integrations with third-party applications were also suspended.
Okta did not elaborate on what other data was exfiltrated or if they have the technical means to confirm.
In March 2022, Okta suffered a breach affecting 366 (or about 2.5%) of its customers which allowed hackers to access internal networks. The hacking and cybercriminal gang Lapsus$ claimed responsibility for the attack.
