Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed in an unauthorized manner earlier this month.
“There is no impact to any customers, including any HIPAA, FedRAMP, or DoD customers,” the company said in a public statement. “No action is required by customers.”
The security event, which was first reported by Bleeping Computer, involved unidentified threat actors gaining access to the Okta Workforce Identity Cloud (WIC) code repositories hosted on GitHub. The access was subsequently abused to copy the source code.
The cloud-based identity management platform noted that it was alerted to the incident by Microsoft-owned GitHub in early December 2022. It also emphasized that the breach did not result in unauthorized access to customer data or the Okta service.
Upon discovering the lapse, Okta said it placed temporary restrictions on repository access and that it suspended all GitHub integrations with other third-party applications.
images from Hacker News