Okta, an authentication service provider, witnessed a major source code theft in the third GitHub breach of the year, compromising Okta’s Workforce Identity Cloud repositories hosted on GitHub.
According to an email notification from Okta, GitHub alerted the company in early December to anonymous and suspicious activity in its source code repositories, in which anonymous actors duplicated some repositories containing Okta’s source code. However, no infrastructure or customer data was reportedly affected.
Nevertheless, the Okta source code theft can potentially impact the organization in two ways. It can expose how the organization works internally on software products and web-based platforms. Additionally, it can inadvertently leak passwords or other confidential information embedded in the source code, which Toyota also witnessed in October 2022.
After being notified, Okta restricted its GitHub access and suspended all integrations with third-party applications. The authorities stated that no customer action or service would be terminated; they are operational and secure.
Okta wrote, “We have taken steps to ensure that this code cannot be used to access company or customer environments.” The company is, unfortunately, an attractive target for source code theft, given its access management products and services with a solid consumer base of over 17,000 people. In fact, there is a phishing campaign called Oktapus, in which threat actors try to compromise Okta credentials and 2FA (two-factor authentication) codes.
Okta has also suffered other cyber attacks in 2022. In January, it was targeted by the Lapsus$ extortion group, compromising over 2.5% of Okta customers. Later in September, the company suffered a breach of Auth0 code repositories.