BEST OF THE WEB

Okta reports stolen source code

Okta, the access management and identity provider, said that an attacker gained illegal entry to its private GitHub repositories and replicated some of its source code. It had earlier begun notifying customers via email of an incident in which an unidentified party stole the company’s source code.

This is the second security incident of the year. The most recent came to life when Okta was notified by GitHub in early December of possible suspicious access to its online code repositories. Okta determined after an investigation that someone had used that access to copy over its source code but had not gained unauthorized access to its identity and access management systems.

“Our investigation concluded that there was no unauthorized access to the Okta service, and no unauthorized access to customer data,” company officials said in a statement. “Okta does not rely on the confidentiality of its source code for the security of its services. The Okta service remains fully operational and secure.”

According to the statement, the copied source code only applies to the Okta Workforce Identity Cloud and not to any Auth0 products used with the company’s Customer Identity Cloud. Okta officials also stated that after learning of the breach, they temporarily restricted access to the company’s GitHub repositories and suspended GitHub integrations with third-party apps.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staffhttp://www.itworldcanada.com/
The online resource for Canadian Information Technology professionals.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web