BleepingComputer got hold of a “confidential” email notification sent by Okta to its “security contacts” about the breach.
The Identity and Access Management (IAM) solutions leader says GitHub alerted Okta to the suspicious access earlier this month.
“Upon investigation, we have concluded that such access was used to copy Okta code repositories,” wrote Okta CSO David Bradbury in the notification email.
Okta claims the hackers did not access the Okta service or customer data. Furthermore, the company temporary access restrictions to their GitHub repos and suspended all GitHub integrations with third-party applications.
“We have since reviewed all recent access to Okta software repositories hosted by GitHub to understand the scope of the exposure, reviewed all recent commits to Okta software repositories hosted with GitHub to validate the integrity of our code, and rotated GitHub credentials. We have also notified law enforcement,” added Bradbury.
“Additionally, we have taken steps to ensure that this code cannot be used to access company or customer environments. Okta does not anticipate any disruption to our business or our ability to service our customers as a result of this event.”
Okta plans to publish a statement about the incident on its blog today.
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.