Okta said on Wednesday that source code for the Okta Workforce Identity Cloud service was copied after someone gained access to the company's private repository.

Company officials said in a statement that there was no unauthorized access to the Okta service, that Okta does not rely on the confidentiality of its source code, and that the Okta service is safe and operational.

According to the statement, the copied source code pertains only to the Okta Workforce Identity Cloud and doesn't include any Auth0 products used with the Customer Identity Cloud. After learning of the incident, Okta put restrictions on access to the company's repository and suspended integrations with third-party apps.

The statement said the company had reviewed all recent access to Okta software repositories hosted by GitHub to understand the scope of the exposure. Law enforcement has been notified.

The Okta Workforce Identity Cloud provides access management, governance, and privileged access controls in a single package. Large organizations handle these things piecemeal. Okta introduced a service last month that is intended to automate these processes.

Last March, the Lapsus$ ransomware group posted images that appeared to show it had obtained proprietary data from Okta and Microsoft. Okta officials said the data was obtained after the threat actor gained unauthorized access to the account of a “third-party customer support engineer working for one of our subprocessors.”

The company said the attempt to break into Okta was unsuccessful and that the access the hackers gained to the third-party account didn't allow them to create or remove users. The Lapsus$ members claimed that they were able to reset the passwords of 95 of Okta's customers after logging into the super user portal.

In August, Okta said that hackers used their access to obtain information belonging to a number of their customers. The threat actor was able to get data for 163 customers because of the breach. Okta said the threat actor could get the phone numbers of some of its customers.

Okta revealed in September that Auth0's code repository had also been accessed without authorization.

Okta's disclosure of the source code copying was reported by Bleeping Computer.