Crooks copy the source code from Okta’s GitHub repository • The Register

Intruders copied Okta’s source code after breaking into the identity management company’s GitHub repositories.

Okta was warned earlier this month by Microsoft-owned GitHub about “suspicious access” to its code repositories and found that criminals had copied code connected to the company’s Workforce Identity Cloud (WIC), a corporate-facing access and identity management tool that lets employees and partners work from anywhere.

The company said in a statement this week that its investigation found there had been no breach of the WIC service itself or unauthorized access to customer data, including that of HIPAA, FedRAMP or Department of Defense customers.

Additionally, Okta said it does not rely on its source code remaining confidential to secure its services, so they are still operational and secure.

Officials also said the breach did not affect Auth0 or Okta’s Customer Identity Cloud for consumer and software-as-a-service (SaaS) applications. Okta bought Auth0 for $6.5 billion last year in a deal that brought together two high-profile identity and access management (IAM) vendors.

After learning about the suspicious access, the vendor temporarily restricted access to Okta’s GitHub repositories and suspended GitHub integrations with third-party applications.

“We have since reviewed all recent accesses to the GitHub-hosted Okta software repositories to understand the scope of the disclosure, reviewed all recent commits to the GitHub-hosted Okta software repositories to validate the integrity of our code, and rotated GitHub credentials,” Okta said, adding that law enforcement has also been notified.

Matt Mullins, senior security researcher at cybersecurity firm Cybrary, told The Register in an email that Okta’s GitHub breach is just the latest example of cybercriminals targeting developers and code as they move upstream to look for potential victims in supply chain attacks.

“Access to these systems allows an APT [advanced persistent threat] group to take advantage of ‘early access’ to their targets and investigate vulnerabilities (like obvious bugs in code), secrets (like hard-coded credentials in scripts), or misconfigurations (like apparent anti-patterns in configurations),” Mullins said.

Because services like Okta are so important to businesses, he added, “It shouldn’t come as a shock that attackers continue to target the ‘security provider.’ Who watches over the guards?”

Okta has been a target of villains this year. In January, the company was targeted by high-profile ransomware group Lapsus$, which got into Okta’s internal systems through an employee’s workstation. Officials said later in the year that, essentially, the attack would have been much worse had the company not implemented a zero-trust policy.

In August, cybersecurity firm Group-IB identified a massive phishing campaign, dubbed 0ktapus, that began in March. The goal was to steal Okta identity data and two-factor authentication (2FA) codes from users in more than 130 target organizations – including Twilio and Cloudflare – and then attack their customers.

In September, Auth0, which operates as an independent company, announced that prior to its acquisition by Okta, there had been a “security event” involving repositories with code from October 2020 and earlier. However, the company said there was no evidence that its environment or that of customers had been accessed, that data had been stolen or that crooks had been in its systems. ®

Rick Schindler
