Okta code stolen from GitHub: News report


Some source code of identity and access management provider Okta has reportedly been stolen from its private GitHub repositories, says the Bleeping Computer news service.

The site said it has obtained a security incident notification Okta has been emailing its security contacts. The site also says it has confirmed that multiple sources, including IT administrators, have received the same Okta email notification.

The email, from chief security officer (CSO) David Bradbury, says the company was told by GitHub about suspicious activity earlier this month and then discovered the attack.

The attacker didn’t access customer data or the Okta service, Bradbury said. The stolen code involves Okta Workforce Identity Cloud (WIC) and not any Auth0 (Customer Identity Cloud) products, he added.

It’s the second theft of code the company has reported in four months. In August, a person notified Okta that they possessed a copy of certain Auth0 code repositories dating from October 2020 and earlier. “We immediately launched a thorough internal investigation and enlisted the services of a leading third-party cybersecurity forensics firm. Both investigations, recently concluded, confirmed that there was no evidence of unauthorized access to our environments, or those of our customers, nor any evidence of any data exfiltration or persistent access.”

The company said it has taken steps to ensure that this code cannot be used to access Okta or customer environments. It has also notified law enforcement.

Okta bought Auth0, a cloud-based single-sign-on access management provider, in 2021. It isn’t clear from the Okta statement when the person acquired the Auth0 code, only that it wasn’t through customers or access to systems controlled by Okta.

Okta would be considered a prime target for threat actors. Enterprises around the world depend on it for providing universal, single-sign-on and passwordless login services protected with multifactor authentication.

Its most recent product is Okta for US Military, a new identity environment built for the U.S. Defense Department on Amazon AWS.

Okta was the victim of a third-party hack in January when the Lapsus$ extortion gang breached the IT environment of Twilio and used their access to steal one-time passwords sent via text message to Okta customers. Okta later apologized for not publicly responding fast enough when news of that attack broke.

“This time Okta’s reaction seems to be much faster and more professional compared to the January incident,” says Ilia Kolochenko, founder of ImmuniWeb.

“The consequences of this security incident may seem insignificant,” he added. “However, access even to a small part of the source code may have a domino effect on the organization. Oftentimes, some parts of source code are shared among different products, offering attackers a plethora of unique opportunities to reverse engineer business-critical software and find zero-day vulnerabilities.

“Likewise, modern source code still contains numerous hardcoded secrets, such as database passwords or API keys, despite the growing implementation of more secure mechanisms to handle secrets. This incident is a telling example that cybercriminals are now actively targeting their victims’ CI/CD [continuous integration/development] pipelines that have become prevalent in a corporate environment, whilst being largely underprotected due to the novelty and comparative complexity of the technology. We should expect more similar attacks in 2023.”

Having source code can make it easier for a threat actor to find vulnerabilities, Johannes Ullrich, director of research at the SANS Institute, said in an interview. But, he added, exploiting them depends on how good Okta is at scanning its code before making products live. “If they do their due diligence, the attacker should not have any easier time finding vulnerabilities than Okta has.”

The post Okta code stolen from GitHub: News report first appeared on IT World Canada.

Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
