SOURCE CODE COP — Okta says source code for Workforce Identity Cloud service was copied

Code stored on GitHub was copied after threat actor gained unauthorized access.

Dan Goodin – Dec 21, 2022 10:50 pm UTC

Single sign-on provider Okta said on Wednesday that software code for its Okta Workforce Identity Cloud service was copied after intruders gained access to the company's private repository on GitHub.

"Our investigation concluded that there was no unauthorized access to the Okta service, and no unauthorized access to customer data," company officials said in a statement. "Okta does not rely on the confidentiality of its source code for the security of its services. The Okta service remains fully operational and secure."

The statement said that the copied source code pertains only to the Okta Workforce Identity Cloud and doesn't pertain to any Auth0 products used with the company's Customer Identity Cloud. Officials also said that upon learning of the breach, Okta placed temporary restrictions on access to the company's GitHub repositories and suspended GitHub integrations with third-party apps.

"We have since reviewed all recent access to Okta software repositories hosted by GitHub to understand the scope of the exposure, reviewed all recent commits to Okta software repositories hosted with GitHub to validate the integrity of our code, and rotated GitHub credentials," the statement added. "We have also notified law enforcement."

The Okta Workforce Identity Cloud provides access management, governance, and privileged access controls in a single package. Many large organizations handle these things piecemeal using manual processes. The service, which Okta introduced last month, is designed to unify and automate these processes.

Last March, the Lapsus$ ransomware group posted images that appeared to show it had obtained proprietary data from Okta and Microsoft. Okta officials said the data was obtained after the threat actor gained unauthorized access to the account of "a third-party customer support engineer working for one of our subprocessors."

The company said the attempt to breach Okta was unsuccessful and that the access the hackers gained to the third-party account didn't allow them to create or delete users, download customer databases, or obtain password data. Lapsus$ members refuted this claim and noted that the screenshots indicated they had logged into the superuser portal, a status they said gave them the ability to reset the passwords and multifactor authentication credentials of 95 of Okta's customers.

In August, Okta said that hackers who had recently breached security provider Twilio used their access to obtain information belonging to an unspecified number of Okta customers. Twilio disclosed the breach three weeks earlier and said it allowed the threat actor to obtain data for 163 customers. Okta said the threat actor could obtain mobile phone numbers and associated SMS messages containing one-time passwords of some of its customers.

In September, Okta revealed that code repositories for Auth0, a company it acquired in 2021, had also been accessed without authorization.

Wednesday's disclosure of the Okta source-code copying was first reported by Bleeping Computer.

Dan Goodin is the Security Editor at Ars Technica, which he joined in 2012 after working for The Register, the Associated Press, Bloomberg News, and other publications. Find him on Mastodon at: https://infosec.exchange/@dangoodin Email: dan.goodin@arstechnica.com