Okta records theft of source code repositories
Okta has revealed that malicious users broke into and copied its source code repositories on GitHub earlier this month; the company had previously reported a compromise carried out by the South American hacking group Lapsus$.
GitHub notified Okta in early December of potentially suspicious access to its online code repositories. After an investigation confirmed the theft, Okta began informing customers via email of an event in which an unidentified party stole the company’s source code.
In response, the company temporarily restricted access to the GitHub repositories and suspended GitHub integrations with third-party applications so that it could review all recent commits to Okta repositories and validate the integrity of its code. GitHub credentials were also rotated, according to the company.
The breach appears to be limited to Okta’s Workforce Identity Cloud product, which combines access management, governance, and privileged access controls.
Stolen source code is said to benefit threat actors by giving them a head start on their targets: they can study it for vulnerabilities, hard-coded credentials in scripts, or misconfigurations. Further investigation revealed that the incident had no effect on Okta’s customers, including HIPAA, FedRAMP, and DoD customers, so no customer action is required.
In a blog post, Okta said it had concluded its investigation and affirmed that no customer data was accessed and that the Okta service remains unaffected. Okta stated that, as soon as the breach was made known to it, “we promptly placed temporary restrictions on access to Okta GitHub repositories and suspended all GitHub integrations with third-party applications.”
Furthermore, Okta stated that it does not rely on the confidentiality of its source code to secure its services, so the service remains operational and secure. Some observers are nonetheless concerned that the thieves may scan the code for additional vulnerabilities, tokens, or insights that could lead to further breaches of the development and production environments.
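The response the piece describes, reviewing the exposed commits and hunting for hard-coded credentials and tokens so they can be rotated before anyone else uses them, is the kind of audit a small script can drive. The following is an added example and not Okta's or GitHub's code: the file contents, the credential shapes it matches, and the placeholder markers are all constructed for illustration, and it assumes the audited content has been exported as (path, text) pairs from the commits under review.

```python
import math
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    kind: str
    value: str


# Credential shapes to look for. Illustrative, not a full scanner ruleset.
PATTERNS = {
    # AWS access key IDs: "AKIA" followed by 16 upper-case alphanumerics.
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # GitHub personal/OAuth/server tokens: prefix, underscore, 36 alphanumerics.
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    # PEM private key header.
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # Generic "password = 'literal'" style assignment with a quoted value.
    "assignment": re.compile(
        r"""(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['"]([^'"]{8,})['"]"""
    ),
}

# Quoted values containing these are treated as placeholders, not live secrets.
PLACEHOLDER_MARKERS = ("example", "changeme", "placeholder", "${", "<", "your_")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; used to rank generic assignment hits."""
    if not s:
        return 0.0
    n = len(s)
    return max(0.0, -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s))))


def scan_text(path: str, text: str) -> list:
    """Return findings for one file's contents, in line order."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                if kind == "assignment" and any(
                    marker in value.lower() for marker in PLACEHOLDER_MARKERS
                ):
                    continue  # skip obvious placeholders
                findings.append(Finding(path, line_no, kind, value))
    return findings


def audit(files) -> list:
    """Scan (path, text) pairs and return all findings, ordered by file then line."""
    out = []
    for path, text in files:
        out.extend(scan_text(path, text))
    return out


def count_by_kind(findings) -> dict:
    """Summarise what needs rotating, by credential kind."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample files standing in for the commits under review.
SAMPLE_FILES = [
    ("deploy/config.py",
     "import os\n"
     "AWS_ACCESS_KEY_ID = 'AKIACONSTRUCTED00001'\n"
     "db_password = \"s3cur3-but-c0mmitted\"\n"
     "api_key = \"your_api_key_here\"\n"
     "token = os.environ[\"SERVICE_TOKEN\"]\n"),
    ("scripts/release.sh",
     "#!/bin/sh\n"
     "GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz\n"
     "curl -H \"Authorization: Bearer $GITHUB_TOKEN\" https://api.github.com/\n"),
    ("certs/dev.pem",
     "-----BEGIN RSA PRIVATE KEY-----\n"
     "MIIconstructedkeybody\n"
     "-----END RSA PRIVATE KEY-----\n"),
]

if __name__ == "__main__":
    hits = audit(SAMPLE_FILES)
    for f in hits:
        print(f"{f.path}:{f.line_no} {f.kind} entropy={shannon_entropy(f.value):.2f}")
    print("rotate:", count_by_kind(hits))
```

Run against the constructed sample, the audit flags the AWS key ID, the committed database password, the GitHub token and the PEM key, while the placeholder API key and the value read from the environment are left alone; in a real review the output becomes the rotation list, and every flagged value is rotated regardless of whether the code that carried it is still believed secret.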
The sources for this piece include an article in HackRead.