Another breach of GitHub repositories is causing another big problem for authentication services provider Okta. Client login information does not appear to have been compromised in the breach, but the theft of some amount of source code has raised some concerns about future developments.
Okta GitHub repositories leak source code
Just before the Christmas holiday, Okta acknowledged that its Workforce Identity Cloud (WIC) GitHub repositories were breached and that source code was stolen. It did not release any information on the identity of the attackers or exactly what information was accessed, but did confirm that Auth0 products and other client services were not impacted. The incident had previously reached the public through a leaked internal email that outlined roughly the same amount of information.
In addition to clarification of what source code was taken (and what might have been in it), one big remaining question is exactly what the breach window was. Okta reportedly only became aware of the issue when GitHub notified the company of suspicious activity in its repositories in early December, with no clear timeframe established for the malicious access. This is a noteworthy issue as Okta has been caught attempting to bury breaches before.
That includes an incident that took place earlier this year, with 2022 playing out as a very rough period for the company in terms of its reputation for security. The year opened with a breach in January that resulted in the theft of some customer data, but word did not reach the public until March, as Okta kept it quiet and it only came to light when the attackers made public mention of it. This is also the second time the company's GitHub repositories have been breached in less than half a year; an earlier attack in September yielded stolen source code as well.
Okta is far from the only company that is having GitHub repositories raided, however, as hackers increasingly come to the realization that they can both scan for existing vulnerabilities and potentially insert their own backdoors if they get in early enough in the process.
Okta says source code theft will not impact platform security, but questions remain
At the moment, all the public really knows is that some amount of source code was taken from the GitHub repositories and that the attack was discovered in early December. Source code thefts are always an ongoing concern due to the possibility that the attackers will discover new vulnerabilities, if not login information and authentication tokens sitting within the code. But Okta is attempting to reassure its customers by saying that its source code confidentiality is not critical to the security of the platform.
Despite its struggles in 2022, Okta remains the biggest company in the general identity management industry with a little over one-third of the market. The latest security incident may not do much to dampen its fortunes, given that its biggest competitors have been experiencing their own issues in this area.