• Send Us A Tip
  • Calling all Tech Writers
  • Advertise
Wednesday, May 14, 2025
  • Login
  • Register
TechStory
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
TechStory
No Result
View All Result
Home Tech

After GitHub repositories were hacked, Okta’s source code was stolen

by Sneha Singh
December 22, 2022
in Tech
Reading Time: 3 mins read
0
GitHub
TwitterWhatsappLinkedin

Given the email’s language, the incident appears to be pertinent to Okta Workforce Identity Cloud (WIC) code repositories but not the Auth0 Customer Identity Cloud solution as of the time of writing our report. BleepingComputer’s analysis of an excerpt from the full notification.
Okta is a well-known supplier, identity, and access management (IAM) system. It reports this month’s hacking of its private GitHub repository.

You might also like

“ChatGPT Work” Now Available for Download

Perplexity AI Eyes $14 Billion Valuation in New Funding Round

Toyota Revamps Its U.S. EV Strategy with Redesigned 2026 bZ

The security breach involves threat actors acquiring Okta’s source code, according to a ‘secret’ email warning from Okta that BleepingComputer obtained.

Since a few hours ago, Okta has been emailing a “secret” security problem notification to its “security contacts.” Data collected obtained by BleepingComputer observed this. Furthermore, we have verified that this email warning has reached numerous sources, including IT administrators.

GitHub

GitHub had earlier this month informed Okta of unusual access

According to this notification, GitHub had earlier this month informed Okta of unusual access to Okta’s development repositories. However, according to our analysis, it was utilized to copy the Okta code repositories, says David Bradbury, the Chief Security Officer (CSO) of the organization, in the email.

An excerpt from the remainder of the notification, reviewed by BleepingComputer, is published below:

As soon as Okta learned of the possible suspicious access, we promptly placed temporary restrictions on access to Okta GitHub repositories and suspended all GitHub integrations with third-party applications.

We have since reviewed all recent access to Okta software repositories hosted by GitHub to understand the scope of the exposure, reviewed all recent commits to Okta software repositories hosted with GitHub to validate the integrity of our code, and rotated GitHub credentials. We have also notified law enforcement.

Additionally, we have taken steps to ensure that this code cannot be used to access company or customer environments. Okta does not anticipate any disruption to our business or our ability to service our customers as a result of this event.

Note: The security event pertains to Okta Workforce Identity Cloud (WIC) code repositories. It does not pertain to any Auth0 (Customer Identity Cloud) products.

We have decided to share this information consistent with our commitment to transparency and partnership with our customers.

Despite stealing Okta’s source code, the business claims that attackers did not have illegal access to the Okta service or user data. Furthermore, since Okta “does not rely on the secrecy of its source code as a means to secure its services,” its “HIPAA, FedRAMP, or DoD customers” are unaffected. As a result, no client action is required.

Okta Workforce Identity Cloud

Given the email’s language, the incident appears to be pertinent to Okta Workforce Identity Cloud (WIC) code repositories but not the Auth0 Customer Identity Cloud solution as of the time of writing our report. BleepingComputer’s analysis of an excerpt from the full notification.
Okta ends its “secret” email by promising a “commitment to transparency” and stating that it will post a statement on its blog today. Before publishing, BleepingComputer contacted Okta with inquiries, but a response wasn’t immediately available.

Okta has had a challenging year due to several security problems and rocky revelations.
Okta-owned Auth0 discovered a similar situation in September of this year. The vendor of the authentication service claims that an unidentified “third-party individual” got previous Auth0 source code repositories from its environment. However, Okta’s issues started much earlier, during the commotion following the revelation of its January breach.

Material extortion organization Lapsus$ started sharing screenshots of the stolen data on Telegram in March of this year, claiming access to Okta’s administrative consoles and client data.

Okta initially responded that it was looking into these accusations. But it soon admitted that the hack in question had happened in late January 2022 and may have impacted 2.5% of its users. Okta had more than 15,000 customers then, so this number was first believed to be around 375 enterprises.

The following week, Okta acknowledged that it had “made a mistake” in disclosing this attack, which the company claimed had been carried out by a third-party contractor named Sitel.
Okta revealed in April that the January breach had lasted “25 straight minutes” and that the impact was much lower than initially thought, limited to only two customers.

Tags: Githubokta
Tweet54SendShare15
Previous Post

Photographer Edelman is raising awareness about the unethical behaviour that their companies are up to

Next Post

Ultimate corporate travel management guide

Sneha Singh

Sneha is a skilled writer with a passion for uncovering the latest stories and breaking news. She has written for a variety of publications, covering topics ranging from politics and business to entertainment and sports.

Recommended For You

“ChatGPT Work” Now Available for Download

by Sneha Singh
May 14, 2025
0
“ChatGPT Work” Now Available for Download

OpenAI has rolled out a significant update to its Deep Research tool in ChatGPT, allowing users to export their research as professionally formatted PDF files. The company announced...

Read more

Perplexity AI Eyes $14 Billion Valuation in New Funding Round

by Sneha Singh
May 14, 2025
0
Perplexity AI Eyes $14 Billion Valuation in New Funding Round

Perplexity AI, a search startup firm, is in advanced discussions to raise a new funding of $500 million, which would lift its valuation to $14 billion, the sources...

Read more

Toyota Revamps Its U.S. EV Strategy with Redesigned 2026 bZ

by Samir Gautam
May 14, 2025
0
Toyota Revamps Its U.S. EV Strategy with Redesigned 2026 bZ

In a bold move aimed at rejuvenating its electric vehicle (EV) strategy in the United States, Toyota has unveiled a redesigned version of its sole EV offering, now...

Read more
Next Post
Ultimate corporate travel management guide

Ultimate corporate travel management guide

Please login to join discussion

Techstory

Tech and Business News from around the world. Follow along for latest in the world of Tech, AI, Crypto, EVs, Business Personalities and more.
reach us at [email protected]

Advertise With Us

Reach out at - [email protected]

BROWSE BY TAG

#Crypto #howto 2024 acquisition AI amazon Apple bitcoin Business China cryptocurrency e-commerce electric vehicles Elon Musk Ethereum facebook flipkart funding Gaming Google India Instagram Investment ios iPhone IPO Market Markets Meta Microsoft News NFT samsung Social Media SpaceX startup startups tech technology Tesla TikTok trend trending twitter US

© 2024 Techstory.in

No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to

© 2024 Techstory.in

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?