
Okta’s code repositories reportedly breached in cyberattack

By Maria Deutscher for SiliconANGLE
Wednesday, December 21, 2022

The company determined that the hackers didn’t gain access to source code belonging to its Auth0 subsidiary. The subsidiary became part of Okta through a $6.5 billion acquisition that closed in February. Like its parent company, Auth0 provides an identity management platform that companies use to manage who can access their applications and how.

“The consequences of this security incident may seem insignificant, however, access even to a small part of the source code may have a domino effect on the organization,” said Ilia Kolochenko, founder of cybersecurity company ImmuniWeb. “Oftentimes, some parts of source code is shared among different products, offering attackers a plethora of unique opportunities to reverse engineer business-critical software and find zero-day vulnerabilities.”

Okta first became aware of the data breach earlier this month after GitHub notified the company of suspicious activity in its code repositories. In response, Okta temporarily blocked access to its GitHub environment and suspended the integrations that connect the environment with third-party applications. It has also notified law enforcement.

“Additionally, we have taken steps to ensure that this code cannot be used to access company or customer environments,” Bradbury detailed in the advisory. “Okta does not anticipate any disruption to our business or our ability to service our customers as a result of this event.”

The incident comes a few months after Okta’s Auth0 subsidiary disclosed that a hacker stole a portion of its source code. Auth0 stated that the compromised code, which was created before November 2020, can’t be used to access its network or the infrastructure of customers.
