Okta Data Breach: What Happened and How Many Were Affected

Close-up of an Okta business sign affixed to a an office building that is adorned with many palm trees

On December 21st, 2022, Okta—a leading enterprise identity and access management (IAM) provider—announced they had been affected by a data breach. The company revealed the attack was aimed at their GitHub repositories, but did not specify what type of information was exposed Okta was also affected by a data breach in January 2022, and at that time a threat actor accessed their environment via a workstation and they were able to see various Jira and Slack information. However, no customer data was accessed and there was no authentication to any Okta accounts. That is, of course, based on the information shared by the company.

The December data breach

Unfortunately for Okta, the company also had to deal with another attack in December. The company already confirmed that they are responding to a security incident. According to the company, a hacker accessed private Okta source code after one of their GitHub repositories were attacked.

The issue came to light in early December, when the company was informed by GitHub that their code repositories ended up having a very suspicious activity. What the company concluded based on its investigation is that the hackers relied on malicious access to try and copy code repositories. Apparently their main focus was to copy repositories related to the workforce identity cloud. That’s the enterprise solution delivered by Okta, so the main focus was mostly business data and customers. 

What did Okta do as a response to this hack?

Once the Okta team learned about the suspicious activity, they added restrictions to the GitHub repository and they also suspended any integrations with third party apps. This was in an effort to prevent the issue from spreading even more than it would. The company did not say how the attackers were able to gain access to the private repositories. That’s likely mostly due to legal concerns that are still ongoing.

Fortunately, no payment or financial information was accessed in this incident and there is no evidence that any customer data was exfiltrated from Okta’s systems. Still, the company took immediate steps to protect affected customers by resetting all passwords associated with their accounts; suspending any suspicious login attempts from certain IP addresses; disabling credentials believed to have been used during the attack; strengthening overall security protocols around user authentication processes; and introducing additional monitoring procedures for anomalous behavior on their networks.

Was customer data accessed during this Okta data breach?

The short answer is no, according to Okta. The customer or service data was not accessed, and even Auth0 products or data were not accessed. So, according to them, the service is secure and operational, nothing was damaged in any way. The company also states that since the alert was received, they’ve monitored who had access to their repositories and also rotated the GitHub credentials. Accordingly, law enforcement was notified as well.

Okta was already targeted earlier this year by the Lapsus$ extortion group. It also had another software compromise in the form of a hijacking campaign this August. That particular hack also targeted 100 other organizations like DoorDash and Twilio. Okta states they are actively working to further beef up their security, so they are indeed taking action to prevent such attacks from happening in the future!

Data breaches like these are reminders of the importance of implementing strong IAM solutions in order to protect sensitive information from unauthorised access. By taking proactive steps such as introducing automated authentication processes or leveraging AI-based algorithms for risk analysis, organizations can further boost their security levels—and reduce their chances of becoming victims of cybercrime in the future.

In other news Giant Leak Releases Nintendo Source Code Into the Wild

Related Posts