
Okta Data Breach: Cybercriminals Steal IAM Provider’s Source Code


Cybercriminals have hacked GitHub repositories of identity and access management (IAM) solutions provider Okta, according to BleepingComputer.

Okta has notified various "security contacts" about the data breach, BleepingComputer noted. Multiple IT administrators and other sources confirmed to BleepingComputer that they have been notified about the incident.

Okta's Source Code Swiped

The data breach involves threat actors stealing Okta's source code, BleepingComputer reported, citing a "confidential" security incident notification sent by Okta. The notification indicated that threat actors were unable to access Okta's service or customer data. It also revealed that Okta's "HIPAA, FedRAMP DoD customers" were unaffected.

Okta has taken steps to ensure the compromised source code "cannot be used to access company or customer environments," the company stated in its security incident notification. In addition, Okta said it does not expect the data breach to disrupt its operations or impact its ability to serve its customers.

Lapsus$ Hackers Target, Attack Okta

The hack of Okta's GitHub repositories comes after the company reported on March 22, 2022, that it was investigating a cyberattack by the Lapsus$ hacker group (which targeted several high-profile organizations). Up to 366 Okta customers were believed to have been affected by the breach, Chief Security Officer David Bradbury stated in March 2022. However, BleepingComputer reported in April 2022 that the cyberattack affected only two Okta customers.

The Lapsus$ cyberattack began in January 2022 and involved Sitel, a contact center company and one of Okta's contractors, Bradbury said. Initially, Okta received an alert that a new multi-factor authentication (MFA) factor was added to a Sitel employee’s Okta account from a new location. At this point, Okta began its investigation and received a complete investigation report on March 22.

In total, the Lapsus$ cyberattack against Okta lasted approximately 25 minutes, according to BleepingComputer. Okta had not been breached and remained fully operational throughout the Lapsus$ cyberattack, Bradbury stated. Also, Okta noted that its customers did not need to take "any corrective actions" at that time.

More than 17,000 organizations globally use Okta's IAM platform. Furthermore, Okta provides over 7,500 integrations used by MSSPs, MSPs and other technology providers.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.