Hackers copied the source code of Okta after hacking into the identity management company’s GitHub repositories.
Okta was alerted by Microsoft-owned GitHub earlier this month to “suspicious access” to its code repositories and determined that the miscreants copied code associated with the company’s Workforce Identity Cloud (WIC), an enterprise-facing access and identity management tool to empower workers and partners to work from anywhere.
The company said in a statement this week that its investigation concluded there was no breach of the WIC service itself or unauthorized access to customer data, including HIPAA, FedRAMP, or Department of Defense customer data.
In addition, Okta said that it does not rely on the source code remaining secret to secure its services, so they remain operational and secure.
Officials also said the breach did not affect Auth0 or the Okta Customer Identity Cloud for consumer and software-as-a-service (SaaS) applications. Okta bought Auth0 last year for $6.5 billion in a deal that brought together two high-profile identity and access management (IAM) vendors.
After learning of the suspicious access, the vendor placed temporary restrictions on access to Okta’s GitHub repositories and suspended GitHub integrations with third-party applications.
“We have since reviewed all recent accesses to Okta software repositories hosted by GitHub to understand the scope of exposure, reviewed all recent commits to Okta software repositories hosted with GitHub to validate the integrity of our code, and rotated GitHub credentials,” Okta said, adding that law enforcement has also been notified.
Matt Mullins, chief security researcher at cybersecurity firm Cybrary, said in an email that the Okta GitHub breach is just the latest example of cybercriminals targeting developers and code, going upstream to look for potential victims in supply chain attacks.
“Access to these systems gives APT [advanced persistent threat] groups the advantages of ‘early access’ to their targets and to research weaknesses (such as obvious flaws in code), secrets (such as credentials encoded in scripts), or misconfigurations (such as obvious antipatterns in configurations),” Mullins said.
He added that with services like Okta being so important to businesses, “it should come as no surprise that attackers continue to target the ‘security’ provider. Who watches the guards?”
Okta has been a target for villains this year. In January, the company was attacked by the high-profile Lapsus$ extortion group, which gained access to Okta’s internal systems via a worker’s workstation. Officials later in the year said essentially that the attack would have been much worse had the company not implemented a zero-trust policy.
In August, cybersecurity firm Group-IB identified a massive phishing campaign that began in March and dubbed it Oktapus. It aimed to steal Okta Identity credentials and two-factor authentication (2FA) tokens from users in more than 130 targeted organizations — including Twilio and Cloudflare — and then attack their customers.
In September, Auth0, which operates as an independent company, said there had been a “security event” involving repositories related to token from October 2020 onwards, prior to the acquisition by Okta. However, the company said there was no evidence that its or its customers’ environments were accessed, that data was stolen, or that fraudsters were present in its systems.