Okta’s source code reportedly stolen in GitHub hack

 


A threat actor breached a private GitHub repository of Okta, a well-known provider of identity services, and stole source code belonging to the company, the tech news site BleepingComputer reported.

According to a “confidential” email notification sent by Okta to its “security contacts,” the incident, which is said to concern Okta Workforce Identity Cloud (WIC) code repositories, occurred earlier this month, when the GitHub security team detected suspicious access to Okta's code repositories.

It appears that the attackers stole Okta’s source code, but did not gain unauthorized access to the Okta service or customer data, including “HIPAA, FedRAMP or DoD customers,” as “Okta does not rely on the confidentiality of its source code for the security of its services.”

This is not the first breach the company has suffered this year. In March, the identity giant admitted to a January hack after the Lapsus$ data extortion group published screenshots showing access to the company’s internal systems, which the group obtained through a compromised computer of one of Okta’s third-party customer support engineers.
