GitHub incident allowed attacker to copy Okta's source code

Access management giant Okta had some of its source code copied after an intruder gained unauthorized access to its private GitHub repositories, the company said Wednesday.

The security incident, which took place "in early December," affected Okta Workforce Identity Cloud, which provides anti-phishing features, passkey management, and a number of other security tools to enterprise users. The incident does not pertain to Okta's Auth0 products, according to a statement posted to the company's website Wednesday afternoon.

"Our investigation concluded that there was no unauthorized access to the Okta service, and no unauthorized access to customer data," the company said. "Okta does not rely on the confidentiality of its source code for the security of its services. The Okta service remains fully operational and secure."

Okta added that it has notified law enforcement of the incident, placed temporary restrictions on access to its GitHub repositories and suspended all GitHub integrations with third-party applications.

"We have since reviewed all recent access to Okta software repositories hosted by GitHub to understand the scope of the exposure, reviewed all recent commits to Okta software repositories hosted with GitHub to validate the integrity of our code, and rotated GitHub credentials."

The incident was first reported by Bleeping Computer.

The revelation is just the latest in a series of security disclosures the company has made throughout the year. In March, the ransomware group known as Lapsus$ claimed it had accessed Okta's systems, though the company's chief security officer said Okta had "not been breached." Shortly after, the company revised its statement to say that 366 customers were impacted by the incident and later said that only two customers were breached.

David Bradbury, the company's chief security officer, publicly apologized for the incident, and the company in an FAQ said it "made a mistake" in how it responded to the hack.

In September, Auth0 source code repositories were taken in a similar type of incident to the one disclosed Wednesday. Okta said that its investigation of that incident did not reveal any "customer impact from this event, and no action is required by our customers.