Okta’s Private GitHub Repo Breached: Source Code Stolen but Services Remain Safe

Okta, a leading identity‑management provider, announced that its private GitHub repositories were accessed by an unknown attacker earlier this month, resulting in the theft of source code related to its Workforce Identity Cloud (WIC) product.

GitHub had previously warned Okta about “suspicious activity” on the repositories, confirming that the user had copied code associated with WIC, an enterprise‑focused access and identity‑management tool.

In a statement, Okta emphasized that although the source code was stolen, the attackers did not gain access to Okta’s services or any customer data. The breach does not impact Okta’s HIPAA, FedRAMP, or DoD customers, and the company does not rely on the confidentiality of its source code to protect its services, so no action is required from customers.

The incident also did not involve the Auth0 Customer Identity Cloud product, which Okta acquired for $6.5 billion last year.

Following the detection of the suspicious access, Okta temporarily restricted access to its GitHub repositories, disabled third‑party GitHub integrations, reviewed recent repository activity, and rotated GitHub credentials.

Okta noted that the breach is not expected to disrupt its business or the services it provides to customers.

This is not Okta’s first targeting by threat actors; in January the company was hit by the Lapsus$ ransomware group, and a large phishing campaign dubbed “Oktapus” was identified in August, aiming to harvest Okta credentials and 2FA codes from over 130 organizations.

In September, Auth0, now operating independently, disclosed a prior security incident involving code repositories dating back to October 2020.