Okta had another security incident, this time involving stolen source code | Engadget


Okta is responding to a major security incident for the second time this year. As first reported by BleepingComputer, Okta began notifying customers earlier today via email of an event that saw an unnamed party steal the company’s source code. In early December, Okta was notified by GitHub of possible suspicious access to its online code repositories. Following an investigation, Okta determined someone had used that access to copy over its source code but that they had subsequently not gained unauthorized access to its identity and access management systems.

In a statement Okta shared with Engadget, the company confirmed it was notifying customers of a recent security incident, and pointed to a blog post it published moments ago. “In early December 2022, GitHub alerted Okta about possible suspicious access to Okta code repositories. We have confirmed no customer data was impacted, nor was there any other customer impact. No customer action is required and the Okta service remains fully operational and secure,” an Okta spokesperson told Engadget. “Okta does not rely on the confidentiality of its source code for the security of its services. This event does not impact any other Okta products, and we have been in communication with our customers.”

While the damage from the GitHub incident appears minimal, the event was still a significant test of Okta. Following the Lapsus$ breach that saw hackers from the ransomware gang access two active customer accounts, the company admitted it “made a mistake” in handling the disclosure of that data breach. You may recall it took Okta two months to notify customers of what had happened, and one of the things it promised to do in the aftermath of the incident was “communicate more rapidly with customers.” That pledge was put to the test.

Update 4:27PM ET: Added confirmation and comment from Okta. 

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.


Source link

Related Posts

How to share a TikTok video to another app

[ad_1] TikTok has captured a massive swathe of the social media landscape in recent years thanks to its addictive algorithm and bite-sized clips that just beg to…

Better late than never: Epic Games reveals free games for March 23

[ad_1] Running a little late, Epic Games finally revealed the free games we can expect in its store on March 23. Usually, the company reveals its next…

The Shazam Sequel Sparks and Fizzles at the Box Office

[ad_1] Image: Warner Bros. Superhero fatigue seems to be hitting both Marvel and DC hard. Alongside a kind of mid-level audience response to Quantumania (it did good,…

US authorities arrest alleged BreachForums owner and FBI hacker Pompompurin | Engadget

[ad_1] US law enforcement authorities this week arrested the person allegedly responsible for . As reported by (via ), FBI agents on Wednesday arrested Conor Brian Fitzpatrick…

2 Ways to Use Google Magic Eraser on Your iPhone and iPad

[ad_1] Google Pixel’s native magic eraser feature has finally made its way to iOS devices, but it comes with a catch. Users with Google One subscription can…

Best mirrorless cameras 2023: Top interchangeable lens cameras from Sony, Fujifilm, Panasonic and more

[ad_1] Mirrorless cameras are where it’s at for both photographers and video makers alike, if you want to learn more about the top options available, you’re in…

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: