Crooks copy source code from Okta’s GitHub repository
2022-12-23 00:27

Intruders copied source code belonging to Okta after breaching the identity management company's GitHub repositories.

Okta was alerted by Microsoft-owned GitHub earlier this month to "suspicious access" to its code repositories and determined that miscreants copied code associated with the company's Workforce Identity Cloud, an enterprise-facing access and identity management tool that enables workers and partners to work from anywhere.

Okta said it doesn't need the source code to remain confidential to secure its services, which it said are still operational and secure.

After learning of the suspicious access, the vendor temporarily restricted access to Okta's GitHub repositories and suspended GitHub integrations with third-party applications.

"We have since reviewed all recent access to Okta software repositories hosted by GitHub to understand the scope of the exposure, reviewed all recent commits to Okta software repositories hosted with GitHub to validate the integrity of our code, and rotated GitHub credentials," Okta said, adding that law enforcement also was notified.

Matt Mullins, senior security researcher at cybersecurity firm Cybrary, told The Register in an email that Okta's GitHub breach is only the latest example of cybercriminals aiming at developers and code when moving upstream to look for potential victims in supply chain attacks.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/12/23/okta_code_copy_hack/
