BleepingComputer got hold of a “confidential” email notification sent by Okta to its “security contacts” about the breach.
The Identity and Access Management (IAM) solutions leader says that GitHub alerted Okta to the suspicious access earlier this month.
“Upon investigation, we have concluded that such access was used to copy the Okta code repository,” wrote Okta CSO David Bradbury in the notification email.
Okta claims that the hackers did not access the Okta service or customer data. In addition, the company imposed a temporary access ban on its GitHub repo and suspended all GitHub integrations with third-party applications.
“We have since reviewed all recent accesses to the Okta software repository hosted by GitHub to understand the scope of the vulnerability, reviewed all recent commits to the Okta software repository hosted with GitHub to validate the integrity of our code, and rotated GitHub credentials. We’ve also notified law enforcement,” Bradbury said.
“Additionally, we have taken steps to ensure that this code cannot be used to access company or customer environments. Okta does not anticipate any disruption to our business or our ability to serve our customers as a result of this event.”
Okta plans to publish a statement about the incident on its blog today.