This marks the third major security incident to hit Okta this year. The company has more than 14,000 customers and at least 7,000 integrations with cloud, mobile, web and IT infrastructure providers, according to its annual report.
Okta earlier this year initially denied then later admitted it was breached by the extortion group Lapsus$. The group gained access to Okta data through a third-party vendor, then published screenshots months later to boast of the exploit and goad Okta’s response.
In August, Okta was one of 163 Twilio customers impacted by an expansive phishing attack.
That campaign, dubbed Oktapus by researchers at Group-IB, compromised 10,000 credentials across 136 organizations. Some of those included Okta identity credentials and one-time authentication codes.
In the latest incident, Okta downplayed the impact of the theft of code repositories on GitHub.
“Okta does not rely on the confidentiality of its source code for the security of its services,” an Okta spokesperson said in a statement. “This event does not impact any other Okta products, and we have been in communication with our customers.”
The company said it temporarily restricted access to the GitHub repositories and suspended GitHub integrations with third-party applications to review all recent commits to Okta repositories and validate the integrity of its code. GitHub credentials were also rotated, the company said.
“Source code has been a common target for threat actors for years,” Zaid Al Hamami, founder and CEO at DevSecOps startup BoostSecurity, said via email.
“Even though losing the source code does not directly imply that customer account breaches have occurred, attackers can go on to scan the code for additional vulnerabilities, tokens or insights that could lead to further breaches in the development and/or the production environment,” he said.
Get the free daily newsletter read by industry experts
The scale of cyberthreats are growing, spilling into the mainstream. In 2023, expect the spotlight to add pressure to businesses that have underinvested in security.
CISOs are up against talent shortages and retention concerns amid an increasingly sophisticated threat landscape.
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
The scale of cyberthreats are growing, spilling into the mainstream. In 2023, expect the spotlight to add pressure to businesses that have underinvested in security.
CISOs are up against talent shortages and retention concerns amid an increasingly sophisticated threat landscape.
The free newsletter covering the top industry headlines
source
—
Note that any programming tips and code writing requires some knowledge of computer programming. Please, be careful if you do not know what you are doing…