Okta GitHub repositories hacked, source code stolen

YARMOUTH, Maine – It’s been a hard year for security at identity and access management company Okta, with its most recent data breach incident causing the company to lose its source code to threat actors.

In a statement on Dec. 21 the company confirmed that earlier in the month Okta code repositories on popular website GitHub had been hacked, but assured customers that the breach did not affect customers. Furthermore GitHub concluded that none of its user services had been hacked, or information from HIPPA, FedRAMP, or the DoD obtained.  

“Our investigation concluded that there was no unauthorized access to the Okta service, and no unauthorized access to customer data,” it wrote in its comments on the incident. “Okta does not rely on the confidentiality of its source code for the security of its services. The Okta service remains fully operational and secure.”

This hack however is only the latest of Okta’s security woes this year, as in March 2022 the hacking group LAPSUS$ provided evidence of a hack that Okta later confirmed affected as many as 366 customers and their data. Despite that Okta assured customers that necessary steps had been taken in light of the breach. “We have since reviewed all recent access to Okta software repositories hosted by GitHub to understand the scope of the exposure, reviewed all recent commits to Okta software repositories hosted with GitHub to validate the integrity of our code, and rotated GitHub credentials. We have also notified law enforcement.”

Okta provides ten different products and six services related to cloud security for its nearly 100 million customers. They’re just the latest victim in a year filled with more potentially damaging data breaches. In 2022 there’s been more than 4100 publicly disclosed breaches with roughly 22 billion recorded exposed records.

The full statement is available online at sec.okta.com.