Hackers Nab Source Code From Okta's GitHub Repositories

'There was no unauthorized access to the Okta service, and no unauthorized access to customer data,' the company says.

 & Stephanie Mlot Contributor

The private GitHub repositories of identity and access management firm Okta were hacked earlier this month.

Following a recent alert of suspicious access to Okta's code repositories, the single sign-on provider confirmed a breach.

"As soon as Okta learned of the possible suspicious access, we promptly placed temporary restrictions on access to Okta GitHub repositories and suspended all GitHub integrations with third-party applications," the company said in a Wednesday statement.

The security event pertains only to the Workforce Identity Cloud (WIC) code repositories; no Auth0 (Customer Identity Cloud) products were impacted. The San Francisco-based software provider said there is "no impact to" customers and no action required of them, including customers under government programs like HIPAA and FedRAMP, as well as the Department of Defense.

"Our investigation concluded that there was no unauthorized access to the Okta service, and no unauthorized access to customer data," the statement said. "Okta does not rely on the confidentiality of its source code for the security of its services. The Okta service remains fully operational and secure."

In the weeks since the breach, Okta has made several moves "to understand the scope of the exposure," including reviewing all recent access to GitHub-hosted software repositories, rotating its GitHub credentials, and notifying law enforcement.

"We have decided to share this information consistent with our commitment to transparency and partnership with our customers," the official statement said.

It's been a tough year for Okta, which suffered a series of security incidents and damaging disclosures. In March, the company tried to downplay a potential breach by the hacking group LAPSUS$, which may have exposed access to 15,000 corporate customers. A month later, Okta clarified the impact was limited to just two clients, "significantly smaller" than initially anticipated.
