In an email, Okta notified customers of an incident where code was stolen from the login provider’s GitHub repositories. According to the company, no customer data was stolen and no hackers had access to Okta’s systems.
Okta has sent the email to IT administrators of its customers. The email has been viewed by BleepingComputer. Okta writes that GitHub contacted the company in early December 2022 to inform it of possible unauthorized access to Okta’s repositories. The company confirms that code was indeed stolen.
According to the login provider, this is code from the Okta Workforce Identity Cloud. The company emphasizes that the hackers did not have access to the code of Auth0, which is used with the company’s Customer Identity Cloud. Furthermore, an Okta spokesperson told Engadget that “the stolen code does not affect the security of the company’s products because security is not dependent on whether the source code is secret.”
It is the second time this year that Okta has been targeted by hackers. In January, hackers from the Lapsus$ group broke into the security company. The damage at that time was considerably greater because the hackers were able to penetrate two other companies via Okta. The hackers also had access to Okta’s own Slack and Jira environment.