Okta code stolen from GitHub: News report


Some source code of identity and access management provider Okta has reportedly been stolen from its private GitHub repositories, says the Bleeping Computer news service.

The site said it has obtained a security incident notification Okta has been emailing its security contacts. The site also says it has confirmed that multiple sources, including IT administrators, have received the same Okta email notification.

The email, from chief security officer (CSO) David Bradbury, says the company was told by GitHub about suspicious activity earlier this month and then discovered the attack.

The attacker didn’t access customer data or the Okta service, Bradbury said. The stolen code involves Okta Workforce Identity Cloud (WIC) and not any Auth0 (Customer Identity Cloud) products, he added.

It’s the second theft of code the company has reported in four months. In August, a person notified Okta that they possessed a copy of certain Auth0 code repositories dating from October 2020 and earlier. “We immediately launched a thorough internal investigation and enlisted the services of a leading third-party cybersecurity forensics firm. Both investigations, recently concluded, confirmed that there was no evidence of unauthorized access to our environments, or those of our customers, nor any evidence of any data exfiltration or persistent access.”

The company said it has taken steps to ensure that this code cannot be used to access Okta or customer environments. It has also notified law enforcement.

Okta bought Auth0, a cloud-based single-sign-on access management provider, in 2021. It isn’t clear from the Okta statement when the person acquired the Auth0 code, only that it wasn’t through customers or access to systems controlled by Okta.

Okta would be considered a prime target for threat actors. Enterprises around the world depend on it for providing universal, single-sign-on and passwordless login services protected with multifactor authentication.

Its most recent product is Okta for US Military, a new identity environment built for the U.S. Defense Department on Amazon AWS.

Okta was the victim of a third-party hack in January when the Lapsus$ extortion gang breached the IT environment of Twilio and used their access to steal one-time passwords sent via text message to Okta customers. Okta later apologized for not publicly responding fast enough when news of that attack broke.

“This time Okta’s reaction seems to be much faster and more professional compared to the January incident,” says Ilia Kolochenko, founder of ImmuniWeb.

“The consequences of this security incident may seem insignificant,” he added. “However, access even to a small part of the source code may have a domino effect on the organization. Oftentimes, some parts of source code are shared among different products, offering attackers a plethora of unique opportunities to reverse engineer business-critical software and find zero-day vulnerabilities.

“Likewise, modern source code still contains numerous hardcoded secrets, such as database passwords or API keys, despite the growing implementation of more secure mechanisms to handle secrets. This incident is a telling example that cybercriminals are now actively targeting their victims’ CI/CD [continuous integration/development] pipelines that have become prevalent in a corporate environment, whilst being largely underprotected due to the novelty and comparative complexity of the technology. We should expect more similar attacks in 2023.”

Having source code can make it easier for a threat actor to find vulnerabilities, Johannes Ullrich, director of research at the SANS Institute, said in an interview. But, he added, exploiting them depends on how good Okta is at scanning its code before making products live. “If they do their due diligence, the attacker should not have any easier time finding vulnerabilities than Okta has.”

The post Okta code stolen from GitHub: News report first appeared on IT World Canada.

Howard Solomon
https://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
