Okta’s code repositories reportedly breached in cyberattack
Wednesday, December 21, 2022
The company determined that the hackers didn’t gain access to source code belonging to its Auth0 subsidiary. The subsidiary became part of Okta through a $6.5 billion acquisition that closed in February. Like its parent company, Auth0 provides an identity management platform that companies use to manage who can access their applications and how.
“The consequences of this security incident may seem insignificant, however, access even to a small part of the source code may have a domino effect on the organization,” said Ilia Kolochenko, founder of cybersecurity company ImmuniWeb. “Oftentimes, some parts of source code are shared among different products, offering attackers a plethora of unique opportunities to reverse engineer business-critical software and find zero-day vulnerabilities.”
Okta first became aware of the data breach earlier this month after GitHub notified the company of suspicious activity in its code repositories. In response, Okta temporarily blocked access to its GitHub environment and suspended the integrations that connect the environment with third-party applications. It has also notified law enforcement.
“Additionally, we have taken steps to ensure that this code cannot be used to access company or customer environments,” Bradbury detailed in the advisory. “Okta does not anticipate any disruption to our business or our ability to service our customers as a result of this event.”
The incident comes a few months after Okta’s Auth0 subsidiary disclosed that a hacker stole a portion of its source code. Auth0 stated that the compromised code, which was created before November 2020, can’t be used to access its network or the infrastructure of customers.