Okta had another security incident, this time involving stolen source code

Okta had another security incident, this time involving stolen source code
By: Engadget Posted On: December 21, 2022 View: 200

Okta is responding to a major security incident for the second time this year. As first reported by BleepingComputer, Okta began notifying customers earlier today via email of an event that saw an unnamed party steal the company’s source code. In early December, Okta was notified by GitHub of possible suspicious access to its online code repositories. Following an investigation, Okta determined someone had used that access to copy over its source code but that they had subsequently not gained unauthorized access to its identity and access management systems.

In a statement Okta shared with Engadget, the company confirmed it was notifying customers of a recent security incident, and pointed to a blog post it published moments ago. "In early December 2022, GitHub alerted Okta about possible suspicious access to Okta code repositories. We have confirmed no customer data was impacted, nor was there any other customer impact. No customer action is required and the Okta service remains fully operational and secure," an Okta spokesperson told Engadget. "Okta does not rely on the confidentiality of its source code for the security of its services. This event does not impact any other Okta products, and we have been in communication with our customers."

While the damage from the GitHub incident appears minimal, the event was still a significant test of Okta. Following the Lapsus$ breach that saw hackers from the ransomware gang access two active customer accounts, the company admitted it “made a mistake” in handling the disclosure of that data breach. You may recall it took Okta two months to notify customers of what had happened, and one of the things it promised to do in the aftermath of the incident was “communicate more rapidly with customers.” That pledge was put to the test.

Update 4:27PM ET: Added confirmation and comment from Okta. 

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.

Adblock test (Why?)

Read this on Engadget Header Banner
  Contact Us
  • Contact Form
  Follow Us

Brainfind is your one-stop shop for breaking news headlines and personalized news stories. Not only are we a news aggregator and content curator, we also allow registered users to publish their own articles on our website with full credit and their social links.