Okta is responding to a major security incident for at least the second time this year. According to BleepingComputer, Okta began notifying customers earlier today of an event that saw an unnamed party steal the company’s source code. In early December, Okta was notified by GitHub of possible suspicious access to its online code repositories. Following an investigation, Okta determined that someone had used that access to copy its source code but had not subsequently gained unauthorized access to its identity and access management systems.
“We have confirmed no unauthorized access to the Okta service, and no unauthorized access to customer data,” writes David Bradbury, Okta’s chief security officer, in the email obtained by BleepingComputer. “Okta does not rely on the confidentiality of its source code for the security of its services.”
Okta did not immediately respond to Engadget’s request for comment. In Bradbury’s email, the company promises to publish a blog post about the incident later today. As of this writing, Okta has yet to do so.
While the damage from the GitHub incident appears minimal, the event is still a significant test of Okta. Following the Lapsus$ breach that saw hackers from the ransomware gang access two active customer accounts, the company admitted it “made a mistake” in handling the disclosure of that data breach. You may recall it took Okta two months to notify customers of what had happened, and one of the things it promised to do in the aftermath of the incident was “communicate more rapidly with customers.” Now that pledge is being put to the test.