In an email, Okta notified customers of an incident where code was stolen from the login provider’s GitHub repositories. According to the company, no customer data was stolen and no hackers had access to Okta’s systems.
Okta has sent the email to IT administrators of its customers. The email has been viewed by Bleeping Computer. Okta writes that GitHub contacted the company in early December 2022 to inform it of possible unauthorized access to Okta’s repositories. Company confirms that code has indeed been stolen.
According to the login provider, this is code from the Okta Workforce Identity Cloud. The company emphasizes that the hackers did not have access to the code of Auth0, which is used with the company’s Customer Identity Cloud. Further says a spokesperson for Okta told Engadget that “the stolen code has no impact on the security of the company’s products because security is not dependent on whether the source code is secret.”
It is the second time this year that Okta has been targeted by hackers. In January, hackers from the Lapsus$ group broke into the security company. The damage was then considerably greater because the hackers were able to penetrate two other companies via Okta. The hackers also had access to Okta’s Slack and Jira environment itself.