Advertisement Banner
  • Home
  • News
  • Cyber News
  • Contact
No Result
View All Result
  • Home
  • News
  • Cyber News
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Cyber News

Okta revealed that its private GitHub repositories were hackedSecurity Affairs

admin by admin
December 21, 2022
in Cyber News


American identity and access management giant Okta revealed that that its private GitHub repositories were hacked this month.

Okta revealed that its private GitHub repositories were hacked this month, the news was first reported by BleepingComputer which had access to ‘confidential’ email notification sent by Okta.

According to the notification threat actors have stolen the Okta’s source code.

“As soon as Okta learned of the possible suspicious access, we promptly placed temporary restrictions on access to Okta GitHub repositories and suspended all GitHub integrations with third-party applications.” reads the email sent by the company “We have since reviewed all recent access to Okta software repositories hosted by GitHub to understand the scope of the exposure, reviewed all recent commits to Okta software repositories hosted with GitHub to validate the integrity of our code, and rotated GitHub credentials. We have also notified law enforcement.”

The security breach was discovered by GitHub earlier this month when the company noticed suspicious access to Okta’s code repositories.

“Upon investigation, we have concluded that such access was used to copy Okta code repositories,” writes David Bradbury, the Okta Chief Security Officer (CSO) in the mail.

According to the notification, intruders did not gain access to its service or customer data

Okta states that “HIPAA, FedRAMP or DoD customers” were not affected.

The incident is related to the Okta Workforce Identity Cloud (WIC) code repositories and doesn’t impact Auth0 Customer Identity Cloud products. 

The company announced to have taken steps to prevent threat actors can use the stolen code to access company or customer environments.

In March 2022, the Lapsus$ extortion group has stolen sensitive data from Okta, including customer data, and published screenshots of the stolen data on its Telegram channel.

The company launched an investigation into the claims of a data breach, while the CEO Todd McKinnon confirmed that in late January 2022 the company detected an attempt to compromise the account of a third-party customer support engineer working for one of its subprocessors.

The company revealed that the security breach impacted 2.5% of its customers (approximately 375), but pointed out that they have no action that should do. The Lapsus$ extortion group compromised the laptop of one of its support engineers that allowed them to reset passwords for some of its customers.

Investigators discovered that the attackers had access to the laptop for five days starting from January 16, 2022.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, GitHub)



Share On






Source link

Previous Post

Manuskh Mandaviya Hits Back At Congress Over RaGa’s Bharat Jodo Yatra Targeting Accusations –

Next Post

Chris Inglis to resign as national cyber director

Next Post

Chris Inglis to resign as national cyber director

Recommended

Odisha Police suspends Naba Das personal security officer

4 days ago

Bomb found near Punjab CM Bhagwant Mann’s house in Chandigarh –

1 month ago

© 2022 Law Enforcement News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Cyber News
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Cyber News
  • Contact

© 2022 Law Enforcement News Hubb All rights reserved.