Okta Had Another Security Incident, This Time Involving Stolen Source Code

SHARE THIS ARTICLE

REACH US

GENERAL INQUIRY

[email protected]

ADVERTISING

[email protected]

PRESS RELEASE

[email protected]

HOTLINE

+673 222-0178 [Office Hour]

+673 223-6740 [Fax]

Upcoming Events

Prayer Times

The prayer times for Brunei-Muara and Temburong districts. For Tutong add 1 minute and for Belait add 3 minutes.

Imsak	: 05:01 AM
Subuh	: 05:11 AM
Syuruk	: 06:29 AM
Doha	: 06:51 AM
Zohor	: 12:32 PM
Asar	: 03:44 PM
Maghrib	: 06:32 PM
Isyak	: 07:42 PM

The Business Directory

Security & Privacy

Home > Security & Privacy

Okta Had Another Security Incident, This Time Involving Stolen Source Code

Dado Ruvic / reuters

December 22nd, 2022 | 10:00 AM | 823 views

ENGADGET

The company recently began notifying customers of an investigation it conducted earlier this month.

Okta is responding to a major security incident for the second time this year. As first reported by BleepingComputer, Okta began notifying customers earlier today via email of an event that saw an unnamed party steal the company’s source code. In early December, Okta was notified by GitHub of possible suspicious access to its online code repositories. Following an investigation, Okta determined someone had used that access to copy over its source code but that they had subsequently not gained unauthorized access to its identity and access management systems.

In a statement Okta shared with Engadget, the company confirmed it was notifying customers of a recent security incident, and pointed to a blog post it published moments ago. "In early December 2022, GitHub alerted Okta about possible suspicious access to Okta code repositories. We have confirmed no customer data was impacted, nor was there any other customer impact. No customer action is required and the Okta service remains fully operational and secure," an Okta spokesperson told Engadget. "Okta does not rely on the confidentiality of its source code for the security of its services. This event does not impact any other Okta products, and we have been in communication with our customers."

While the damage from the GitHub incident appears minimal, the event was still a significant test of Okta. Following the Lapsus$ breach that saw hackers from the ransomware gang access two active customer accounts, the company admitted it “made a mistake” in handling the disclosure of that data breach. You may recall it took Okta two months to notify customers of what had happened, and one of the things it promised to do in the aftermath of the incident was “communicate more rapidly with customers.” That pledge was put to the test.

Source:
courtesy of ENGADGET

by Igor Bonifacic

If you have any stories or news that you would like to share with the global online community, please feel free to share it with us by contacting us directly at [email protected]