Dive Brief:
- Okta confirmed Wednesday that its source code repository on GitHub was accessed and copied earlier this month by an unauthorized third party.
- An investigation concluded that no customer data was accessed and Okta services remained uncompromised, the identity and access management platform said in a blog post.
- The attackers accessed code related to Okta Workforce Identity Cloud, an enterprise security product. Products related to Auth0, which Okta acquired in 2021, are not affected, the company said.
Dive Insight:
This is the third major security incident to hit Okta this year. The company has over 14,000 customers and at least 7,000 integrations with cloud, mobile, web, and IT infrastructure providers, according to its annual report.
Earlier this year, Okta initially denied and then admitted that it was compromised by the extortion group Lapsus$. The group accessed Okta’s data through a third-party vendor and, several months later, published screenshots boasting of the exploit, prompting Okta to take action.
In August, Okta was one of 163 Twilio customers affected by massive phishing attacks.
The campaign, dubbed Oktapus by Group-IB researchers, compromised 10,000 credentials across 136 organizations. Some of them included Okta ID credentials and one-time authorization codes.
In the latest incident, Okta downplayed the impact of the theft of code repositories on GitHub.
“Okta does not rely on source code confidentiality for the security of our services,” an Okta spokesperson said in a statement. “We are in touch.”
The company said it temporarily restricted access to its GitHub repositories, suspended integrations between GitHub and third-party applications, and reviewed all recent commits to Okta repositories to verify code integrity. GitHub credentials were also rotated, according to the company.
“Source code has been a popular target for attackers for years,” Zaid Al Hamami, founder and CEO of DevSecOps startup BoostSecurity, said in an email.
“The loss of source code does not directly mean that a customer’s account has been compromised, but attackers can scan the code and potentially lead to further compromises in development and production environments. You can find additional vulnerabilities, tokens, or insights that have something to do with it,” he said.