The identity and authentication giant Okta has acknowledged that it is responding to another significant security breach, this time targeting Okta’s source code in its GitHub repositories.
Hackers strike Okta’s third-party providers
In a formal statement Okta said that “GitHub alerted Okta about possible suspicious access to Okta code repositories.” The attackers used that access to copy code stored in the repositories. This is not the first time Okta has been targeted through a third-party service provider.
Okta confirms no customer data has been stolen
As an initial response to the notice from GitHub, Okta temporarily restricted access to its repositories and suspended GitHub’s integrations with third-party applications.
Okta states that there was no unauthorised access to the Okta service or to Okta customer data, and that Auth0 products were not affected by the GitHub breach.
“Okta does not rely on the confidentiality of its source code for security of its services. The Okta service remains fully operational and secure,” Okta said in its statement.
Not the first time Okta has been targeted, and it won’t be the last
Earlier in the year, Okta’s apps and systems were compromised by the Lapsus$ extortion group, which gained access to the account of a support engineer at Sykes, one of Okta’s third-party service providers.
Later that year, in August, Okta was caught up in a string of attacks from a single hacking campaign that breached over 100 organisations, including DoorDash.
Hackers continue to target Multi-Factor Services
To most people, Multi-Factor Authentication (MFA) is a secure method of keeping attackers away from sensitive data. Recently, however, the services that provide MFA have themselves become a target for phishers and other cyber criminals.
This is likely due to the boom in popularity of MFA across the most critical services. A study conducted by Duo found that in just four years the percentage of users familiar with MFA grew from 28% in 2017 to 78% in 2021.
This increase in security is welcome, but an unfortunate by-product is a greater incentive for attackers to target the companies that provide MFA services.
What can be learnt from Okta’s Cyber Attack?
- Sensitive information should be accessible to as few users as is functionally possible
- Validate third-party services and Software-as-a-Service (SaaS) providers
- Apply resilient Identity and Access Management (IAM) and Privileged Access Management (PAM) systems
- Educate workers and users with effective cybersecurity awareness training
- Stay alert to current cyber risks and threats
- Audit and inspect systems and user traffic regularly
- Uphold transparency towards customers and employees
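Two of the lessons above (least-privilege access to sensitive repositories, and regular inspection of user activity) and the containment steps the article describes (temporarily restricting repository access and suspending third-party integrations) can be illustrated with a small audit-log triage script. The code below is an added example, not Okta’s or GitHub’s code. The audit events are constructed for the demonstration and only resemble GitHub audit-log JSON; the field names (`action`, `actor`, `repo`, `actor_ip`, `created_at`), the actor allowlist and the corporate IP prefix are all assumptions.

```python
"""Defender-side triage of constructed GitHub-style audit log events (added example)."""
import json
from collections import Counter

# Constructed sample: newline-delimited JSON in the shape of GitHub audit events.
# "contractor-build" is not on the staff allowlist and clones from outside the
# corporate range; "bob" installs a third-party integration. Values are made up.
SAMPLE_AUDIT_LOG = """
{"action": "git.clone", "actor": "alice", "repo": "example-org/service-core", "actor_ip": "203.0.113.10", "created_at": "2022-12-12T09:01:00Z"}
{"action": "git.clone", "actor": "contractor-build", "repo": "example-org/service-core", "actor_ip": "198.51.100.7", "created_at": "2022-12-12T02:14:00Z"}
{"action": "integration_installation.create", "actor": "bob", "repo": null, "actor_ip": "203.0.113.11", "created_at": "2022-12-12T10:30:00Z"}
{"action": "git.push", "actor": "alice", "repo": "example-org/service-core", "actor_ip": "203.0.113.10", "created_at": "2022-12-12T11:00:00Z"}
{"action": "git.clone", "actor": "contractor-build", "repo": "example-org/internal-tools", "actor_ip": "198.51.100.7", "created_at": "2022-12-12T02:20:00Z"}
"""

KNOWN_ACTORS = {"alice", "bob"}      # assumed allowlist of staff accounts
CORP_IP_PREFIX = "203.0.113."        # assumed office/VPN egress range (documentation prefix)
# Assumed names of audit actions that add a third-party app or OAuth grant.
APP_ACTIONS = {"integration_installation.create", "oauth_application.create", "oauth_authorization.create"}


def parse_events(text):
    """Parse newline-delimited JSON audit events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_suspicious_clone(event, known_actors, corp_prefix):
    """Flag a clone when the actor is not on the allowlist or the source IP is outside the corporate range."""
    if event.get("action") != "git.clone":
        return False
    unknown_actor = event.get("actor") not in known_actors
    outside_network = not str(event.get("actor_ip", "")).startswith(corp_prefix)
    return unknown_actor or outside_network


def triage(text, known_actors=KNOWN_ACTORS, corp_prefix=CORP_IP_PREFIX):
    """Summarise suspicious clones, third-party app grants and clone volume per actor."""
    events = parse_events(text)
    suspicious = [(e["actor"], e["repo"], e["actor_ip"])
                  for e in events if is_suspicious_clone(e, known_actors, corp_prefix)]
    app_grants = [(e["actor"], e["action"]) for e in events if e.get("action") in APP_ACTIONS]
    clones_per_actor = Counter(e["actor"] for e in events if e.get("action") == "git.clone")
    return {
        "suspicious_clones": suspicious,
        "app_grants": app_grants,
        "clones_per_actor": dict(clones_per_actor),
    }


def containment_plan(report):
    """Turn findings into the temporary containment steps the article describes: restrict access, suspend integrations."""
    steps = []
    for actor in sorted({actor for actor, _, _ in report["suspicious_clones"]}):
        steps.append(f"restrict repository access for {actor} pending review")
    for actor, action in report["app_grants"]:
        steps.append(f"suspend third-party integration added by {actor} ({action}) pending review")
    return steps


if __name__ == "__main__":
    findings = triage(SAMPLE_AUDIT_LOG)
    for clone in findings["suspicious_clones"]:
        print("suspicious clone:", clone)
    for step in containment_plan(findings):
        print("containment:", step)
```

On the constructed sample the script flags both clones by the unlisted actor and the one integration install, and produces one containment step per affected actor and per integration. In a real review the allowlist would come from the IAM system and the log from the provider's audit export rather than being hard-coded.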