Okta, a leading solution provider of identity and access management solutions, has confirmed their private GitHub repositories were hacked this month.
In an email obtained by BleepingComputer, a ‘confidential’ security incident notification was sent to security contacts regarding suspicious access to Okta code repositories.
According to BleepingComputer, the incident appears to be related to Okta Workforce Identity Cloud (WIC) code repositories, but not any Auth0 (Customer Identity Cloud) products.
“Upon investigation, we have concluded that such access was used to copy Okta code repositories,” wrote David Bradbury, Okta’s Chief Security Officer (CSO) in the email.
“We have confirmed no unauthorized access to the Okta service, and no unauthorized access to customer data,” Bradbury added.
Okta said they will publish a statement with likely more details regarding the incident later today.
Readers may recall earlier this year when Okta investigated reports that the firm had been allegedly breached by the Lapsus$ ransomware cybercriminal group.
In March 23, 2022, Okta later confirmed the company was not breached, but rather the incident was limited to an unsuccessful attempt to compromise the account of a customer support engineer working for a third-party provider.