Okta’s GitHub repo was reportedly hacked and the company’s source code stolen, raising questions about a critical cybersecurity platform.
Okta is one of the world’s leading authentication platforms, offering single sign-on and Identity and Access Management (IAM) solutions. BleepingComputer saw a ‘confidential’ email regarding a reported breach.
GitHub evidently notified Okta of suspicious activity on their account. Investigation revealed that bad actors evidently accessed the company’s source code and copied it.
“Upon investigation, we have concluded that such access was used to copy Okta code repositories,” writes David Bradbury, the company’s Chief Security Officer (CSO), in an email being sent to the company’s security contacts.
Despite the breach, Okta says there is little reason for concern. The company says “HIPAA, FedRAMP or DoD customers” were not impacted since the company’s security “does not rely on the confidentiality of its source code as a means to secure its services.”
Globant, a company that helps others prepare “for digital and cognitive future,” is the latest victim of the Lapsus$ ransomware group.
Lapsus$ has been racking up a significant list of victim companies, including Nvidia, Microsoft, Okta, and Samsung. The group recently claimed it hacked Globant as well, posting some of the company’s source code as proof.
“We have recently detected that a limited section of our company’s code repository has been subject to unauthorized access,” the company wrote on their site. “We have activated our security protocols and are conducting an exhaustive investigation.
“According to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients. To date, we have not found any evidence that other areas of our infrastructure systems or those of our clients were affected.
“We are taking strict measures to prevent further incidents.”
Microsoft has confirmed it was at least partially compromised by hacking group Lapsus$, saying it interrupted the attack in progress.
Lapsus$ is a ransomware group that operates somewhat differently than most. Rather than compromising a system and installing a ransomware payload, the group tries to steal source code and intellectual property, and then threatens to release it if a ransom is not paid. The group claimed to have compromised Microsoft, saying it made off with source code for Bing, Bing Maps, and Cortana.
In a blog post, Microsoft says it interrupted DEV-0537 (Microsoft’s codename for Lapsus$) mid-operation.
This week, the actor made public claims that they had gained access to Microsoft and exfiltrated portions of source code. No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity. Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk. The tactics DEV-0537 used in this intrusion reflect the tactics and techniques discussed in this blog. Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.
Microsoft has been monitoring Lapsus$ for some time, and has noted the group’s ability to prey on the interconnected nature of modern systems.
Early observed attacks by DEV-0537 targeted cryptocurrency accounts resulting in compromise and theft of wallets and funds. As they expanded their attacks, the actors began targeting telecommunication, higher education, and government organizations in South America. More recent campaigns have expanded to include organizations globally spanning a variety of sectors. Based on observed activity, this group understands the interconnected nature of identities and trust relationships in modern technology ecosystems and targets telecommunications, technology, IT services and support companies–to leverage their access from one organization to access the partner or supplier organizations. They have also been observed targeting government entities, manufacturing, higher education, energy, retailers, and healthcare.
On the heels of news Lapsus$ was claiming it breached Okta, the company’s CEO has confirmed an attempt in January.
Okta is a leading identity and authentication services provider, meaning a successful breach against the company could have disastrous consequences for a wide range of industries. Ransomware group Lapsus$ claimed to have successfully breached the company, even providing screenshots as proof. Fortunately, the screenshots Lapsus$ provided are likely from an attempt made in January, one that was contained and poses little risk in the present.
Okta CEO Todd McKinnon made the announcement on Twitter.
In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor. (1 of 2)
We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January. (2 of 2)
Identification and authentication services firm Okta is investigating the possibility it may have been hacked by LAPSUS$.
LAPSUS$ has accomplished a number of high-profile hacks in recent weeks, including stealing the Samsung Galaxy code and the Nvidia GPU code. According to Reuters, the group is now claiming to have hacked Okta, one of the leading providers of identity and authentication services.
Okta says it is investigating whether the claims are true. If they are, however, the repercussions could be nothing short of disastrous, depending on how badly the company has been compromised. Companies around the world, large and small, rely on Okta to authenticate their users and services.
We will continue to monitor this story and report updates as details become available.
Okta has announced it is buying Auth0, in a deal worth an estimated $6.5 billion.
Okta is an identity and access management firm, specializing in helping companies and developers build identity security into their products. Founded in 2009, the company has become a leader in the industry, and boasts some of the biggest companies in the world as its customers.
Auth0 is one of Okta’s biggest competitors, and also specializes in secure access solutions. Like Okta, Auth0 has some of the biggest names in business as its clients.
The merger will help accelerate Okta’s growth in the $55 billion identity market. Auth0 will operate as an independent unit within Okta and both platforms will be supported, although the goal is to integrate them over time.
“Combining Auth0’s developer-centric identity solution with the Okta Identity Cloud will drive tremendous value for both current and future customers,” said Todd McKinnon, Chief Executive Officer and co-founder, Okta. “In an increasingly digital world, identity is the unifying means by which we use technology — both at work and in our personal lives. With so much at stake for businesses today, it’s critical that we deliver trusted customer-facing identity solutions. Okta’s and Auth0’s shared vision for the identity market, rooted in customer success, will accelerate our innovation, opening up new ways for our customers to leverage identity to meet their business needs. We are thrilled to join forces with the Auth0 team, as they are ideal allies in building identity for the internet and establishing identity as a primary cloud.”
The deal is subject to regulatory approval and expected to close in the quarter ending July 31, 2021.
Some of the biggest names in tech have formed the Modern Computing Alliance, with the goal of transforming the cloud and its tools.
Cloud computing has become one of the biggest, most important trends in modern computing. Already well under way, the migration to cloud computing went into overdrive as a result of the COVID-19 pandemic. Companies around the world are relying on cloud computing to manage remote employees, stay productive and adapt to a new reality.
Unfortunately, migrating to the cloud is not always an easy task, especially for companies with decades of investment in legacy systems. The Modern Computing Alliance is aimed at “aligning standards and technologies to provide companies with the choice of high-performance, cloud-first computing solutions from the vendor of their choice who provide modern solutions for the modern era of business.”
Google’s John Solomon, VP Chrome OS, outlined the alliance’s vision in a blog post:
To drive ‘silicon-to-cloud’ innovation for the benefit of enterprise customers—fueling a differentiated modern computing platform and providing additional choice for integrated business solutions.
Solomon emphasized that any strong alliance needs a strong diversity of members, to help bring unique perspectives to the table. The Modern Computing Alliance certainly meets that criterion with its founding members: Box, Citrix, Dell, Google, Imprivata, Intel, Okta, RingCentral, Slack, VMware and Zoom.
The Modern Computing Alliance members are specifically focused on four key areas:
Performance
Security and Identity
Remote, Collaboration and Productivity
Healthcare
“The shared goal among the Modern Computing Alliance members is to fuel innovation in these key areas and provide customers with preferred choices without the tradeoffs they may face with a single vendor,” writes VMware’s Kenny Takahashi.
“Customers will play an integral role in the Modern Computing Alliance through the Modern Computing IT Council, which will provide a forum for IT champions to make themselves heard. Customer IT Council participants will have exclusive lines of communication with Modern Computing Alliance members and help define the future of computing through research, advisory workshops, roadmap inputs, and solution testing.”
The Modern Computing Alliance looks like a promising step in the right direction toward making cloud computing even easier.
“It’s been a funny journey working remotely,” says Box CEO Aaron Levie. “A month or two into the pandemic I distinctly remembered that we actually started our company completely remotely. The move to this remote work style is causing us to realize how different managing and leading businesses and executing can be if we were able to take advantage of virtual technology more even when we go back to the office. This completely opens up a new way of working.”
Aaron Levie, co-founder and CEO of Box, discusses at the CNBC @Work Summit how remote working that was forced upon companies has actually opened them up to a completely new way of working:
It’s Been A Funny Journey Working Remotely
It’s been a funny journey working remotely. A month or two into the pandemic I actually distinctly remembered that wait a second, we actually started our company completely remotely. My co-founder and I were going to two different colleges at the time and so the whole business was run over instant messaging. Before we had Slack we had AOL Instant Messenger. Before we had Okta we had really bad passwords. We were a remote company and we started our own product because we wanted to make it so people could easily access and share files from anywhere. That was the origin of the business.
Fast forward 15 years later, we have 2,000 employees, we work in offices, we have a lot of the standard ways you think about when scaling up the company. When we had to instantly move to a remote and distributed way of working it really hit me how much of the work style that gets embedded into our companies are really actually things that just carried forward from the 20th Century when everything was analog and everything was done in person. All communication was done between people either through written communication or just a meeting.
Pandemic Opened Up New Way Of Working
You realize that when you go virtual and you go remote there is actually so much potential to be able to work in a digital-first way. When you think about a team meeting as an example, so many of our meetings are arbitrarily sized to the number of people that fit into a conference room. So it’s kind of bizarre that work just happens to be the six to twelve people that can fit into a conference room space. Certainly for software projects or a particular team that’s a pretty good logical size. But that’s not the right size that contributes to a brainstorm. That’s not inherently the right size of people that you want when you’re communicating information and getting the best ideas around how to go drive the business.
So having that Slack channel with 150 people in it that cuts across different parts of the organization we are able to get contributions from people that would have never been in that conference room previously. That completely opens up a new way of working. Think of what you now do on video and the ability to include voices and ideas from people that previously wouldn’t have spoken up or wouldn’t have had an easy opportunity to contribute to some particular part of the business or strategy or have a two-way dialogue on a really important business topic.
Real Potential That We Want To Continue
We had a meeting with all of our top 200 leaders in the company last week and that was a complete bidirectional discussion in a way that would never have been possible in person. That’s usually a person with a microphone just communicating outward to everybody in the business and not actually having it be a dialogue to get feedback. The move to this remote work style is causing us to realize actually how different management and leading businesses and executing can be if we were able to take advantage of virtual technology more even when we go back to the office.
None of this requires you to be remote; it’s just sort of the remote that was forced upon all of us to the point that we are now realizing that there is actually some real potential here that we want to continue to maintain going forward.
“One of the things powering our growth too is that more and more technology leaders and people in the security industry and customers and users are understanding the importance of identity,” says Okta CEO Todd McKinnon. “They’re going from a world where they were thinking about cloud computing, firewalls, and VPNs, and now they’re thinking about identity as being the central platform to really embrace the cloud, create a great digital experience for customers, and also keep it all secure.”
Todd McKinnon, CEO of Okta, discusses how identity has become the central platform for companies to embrace the cloud in an interview with Jim Cramer on CNBC:
We Have 6,550 Happy Customers Across the Entire Globe
We have 6,550 happy customers across the entire globe. We come to work every day making sure that we make them secure, make them successful, and help them adopt cloud and transform their businesses. One example is Major League Baseball. We do a couple of very important things for MLB. The first is that we help their employees log into the applications they need in order to be productive at work. They can log in securely and with a very positive simple user experience.
The second thing, which is more recent, is we are the login system and the security layer for MLB.com. If you’re logging in and streaming those baseball games you’re logging in through Okta to get to MLB.com. It’s really helpful for them because they can take their awesome developer and engineering talent and focus it on building core parts of that application and that experience versus the security parts that we can do better.
To Deliver Trusted Technology You Have To Start With Identity
Zoom (a customer of Okta) is a great company with another great product experience. They’ve revolutionized a market a lot of people thought was really entrenched with a lot of competitors. They came out with a better product and its results are kind of speaking for themselves. What we’re seeing in our business and it’s really driving these results you’re seeing is that every organization from a sports league like MLB.com to a university like Seton Hall to the largest enterprises in the world, financial institutions and governments, they all have to connect more closely and more securely with the people in their ecosystem.
Whether that’s students or alumni or faculty or employees or customers, what’s at the center of all that interaction is technology. If you want to talk about trusted technology and delivering that to people you have to start with identity. That’s what we’re doing for all these organizations around the world and that’s what’s powering our results.
Identity Is the Central Platform For Companies To Embrace the Cloud
It’s a really important role we’re playing. If you think about it, especially in the case of Zscaler, companies are moving away from the old world, which was they had a firewall around their network and everything inside was secure and everything outside was blocked. Now they’re moving to this world called Zero Trust which means they basically don’t trust anything. They want to verify everything. When you have to verify everything you have to have this passport, you have to have this digital identity, and that’s what we’re providing. For a lot of companies, we’re turning a world that’s pretty daunting in terms of how you give this flexibility or this openness and making it secure and very simple to use.
One of the things powering our growth too is that more and more technology leaders and people in the security industry and customers and users are understanding the importance of identity. They’re going from a world where they were thinking about cloud computing, firewalls, and VPNs, and now they’re thinking about identity as being the central platform to really embrace the cloud, create a great digital experience for customers, and also keep it all secure. It’s that mindset and that consciousness in the market of the importance of identity as a platform that is really leading people to come to Okta and driving our results.
Our businesses are global of course. We don’t have as much exposure to China as other companies have but in an indirect way, we’re helping companies of every organization across the entire world be successful with their businesses as well. We do think about powering business globally. So it’s in everyone’s interest I think to have as much free trade and as much economic commerce as possible. Indirectly, we do benefit from that, so we have a close eye on that as well.
Cloud is just getting started, says Okta CEO Todd McKinnon. He says that everyone talks about how the cloud has come of age, but it’s really at only 20 percent of $1 trillion in IT spend. “We’re still in the early days of cloud adoption,” says McKinnon. “We’re very excited about the runway ahead and the value we can provide, in that context of really… cloud taking over the world.”
Todd McKinnon, CEO & Co-Founder of Okta, recently talked to Jim Cramer on CNBC about the massive future still ahead for cloud computing and Okta:
We’re the Plumbing, We’re the Infrastructure
We’re changing their world. We’re making it incredibly easy for them to connect to all their technology. Whether they’re logging into their business applications at work or they’re a customer of one of our customers, logging into a website, making their customer experience more enjoyable and more secure. They’re big fans of Okta.
We help our customers both directly, where their end users can see what we do in some cases. But in many cases, we’re behind the scenes, we’re the plumbing, we’re the infrastructure, that’s making their technology secure and making the end user experience super enjoyable. We’re happy to play both roles because at the end of the day it’s about making customers successful with any technology they want to use. Whatever they choose to use we will fit in with it and will make their lives productive.
Cloud is Taking Over the World
This is our ten-year anniversary. We’re incredibly excited about ten years, and during those ten years, we’ve benefited from several trends that are really lifting us to these new heights. The main one is cloud computing. Cloud has progressed tremendously over the last ten years, but the most exciting thing is it’s really just getting started.
If you look at the overall IT spending market, it’s over a trillion dollars of IT spend. Everyone talks about how they think the cloud has come of age, but it’s still only 20 percent of that. It’s about $200 billion. We’re still in the early days of cloud adoption. We’re very excited about the runway ahead and the value we can provide in that context of really… cloud taking over the world.
Adobe Has Done Something Amazing
We help Adobe in a couple of really important ways. They’ve been a longtime customer of ours. The first way is that we help their business customers connect into the Creative Cloud. The second way we help them is we help their 20,000 employees connect into all the applications they need to do their job at Adobe.
Adobe is an interesting story, not just because it’s an Okta customer, but they’ve done something very amazing. They’ve transitioned their business from a package software business to a cloud business. You’ve seen the results in their business and in their strategic position in the market. We were lucky enough to play a helping role as we helped that login securely to that new Creative Cloud product they’ve had in the market for the last four or five years.
We Are Focused on What Customers Need
We help enterprises get rid of those passwords. Our customers that use Okta for their employees, they have one single login credential that takes them into all their applications. It greatly simplifies the end-user experience and as a result, makes it way more secure and way more productive. At the end of the day, it’s about how productive you can make your people and how great you can make the experience and how attractive you are as an employer and the kind of people you can attract.
There are companies that have similar solutions. We at Okta are trying to be focused on what our customers need and not get too caught up in a platform player that’s trying to do what we’re doing or a niche upstart that’s trying to copy some of our features. We are really focused on what do the customers need? Do they need help connecting to their customers? Do they need help with certain kinds of security architectures that are emerging as they move to more of a cloud central model?
From the beginning of the company over the last ten years, we’ve been incredibly customer-centric, listening to what customers needed and having that be our North Star. That’s worked incredibly well. It’s not a coincidence (that I sound like Marc Benioff). I worked at Salesforce for six years. I basically learned the ropes of cloud computing from Marc and the entire team at Salesforce. So it’s not a shock that there are a lot of similarities there.
Identity as a platform on the cloud is hot, hot, hot. Companies of all sizes are seeing identity management in the cloud as the future of online security. Many of the major tech companies have entered this space including Oracle, Google, AWS, IBM, and smaller competitors such as OneLogin as well. One company that is all about the identity cloud and is technology agnostic is Okta.
Recently, Okta CEO and co-founder Todd McKinnon talked about their unique platform called the Identity Cloud on CNBC Squawk Box:
Identity Cloud Connects All Technology
Our platform is called the Identity Cloud and what that means is it’s a cloud service that connects all of the technology that you can use at work or a customer uses on your website. It is easy for them to log in and makes it very secure and gives company visibility as to what’s happening with technology.
Every company is thinking about how they can use more technology, how they can do it securely, and how they can make everyone the most productive in their environment and we’re right in the middle of that.
Identity Now Has to be Its Own Platform
This generation of technology, cloud, and mobile, is different from past generations in that in every generation before identity has been part of other platforms, whether it was Windows or Oracle. Now, the pervasiveness of this idea of everyone needing to connect to everything and everything going online and everything going mobile has made it where identity needs to be its own platform.
You have to be able to trust Identity to connect you to all the different technologies you want to use so that you are not beholden to one platform.
Not an Island in the Networks of Cyber Protection
Everyone wants their choice of technology and with choice sometimes comes disparate systems. We integrate it all together. You can get that choice, that best of breed, the right technology for the job while at the same time making that experience amazing for the end user, for your customers to be able to access your systems and for your employees.
Identity Cloud is For All Sizes of Businesses
The prospects for growth are tremendous, both in the US and internationally. This is a worldwide movement and in a lot of ways, we are just scratching the surface.
We help companies adapt to the cloud and we help them build better customer websites and mobile apps. These are being done by companies of all sizes. Whether you are a global 2000 or an SMB we can help them all with this unique cloud platform that can reach to the largest companies in the world down to the smallest businesses as well.
Facebook has launched several updates for its Groups to help admins manage them efficiently and keep communities safe. The rollout of new tools, controls, and additional features is in line with the company’s focus on creating engagement in various communities on the site.
With more than a billion members across millions of active groups, Facebook is putting in an effort to help community managers handle nearly every activity each day. That’s why admins will now have a dedicated customer support service to handle queries and reported issues. And with more people on board, Facebook intends to give quick feedback as well. For now, the free service is only available to selected group admins on iOS and Android in English and Spanish but will continue its rollout in the coming weeks.
Facebook Has New Tools to Help Group Admins
– Dedicated Group Admin support team at Facebook
– Group admin online education resources
– New Group rules features
– Pre-approved Group members feature
https://t.co/yhcTyodHq4 pic.twitter.com/liThgpDyJF
Another tool that will benefit group admins is the launching of an online educational resource. The live site contains short tutorials, product demos, and actual case studies drawn from the experience of fellow admins. Done in audio and video formats, content on the learning portal aims to give a better understanding of how Facebook and Groups work.
As Facebook promises to build resources according to its users’ needs, the company has introduced two admin tools. One new feature will allow community admins and moderators to inform members of their rule violations that merited removal of the post. Admins and moderators can even add comments in the activity log when a post is taken down.
Another update is allowing admins and moderators to choose certain Facebook users, otherwise called pre-approved members. Whenever they post, their content will no longer require approval since they are tagged as trusted members. This means less moderation of content for managers and more time in connecting with others.
Apart from creating communities, Facebook wants to bring social networking to the workplace as well. Called Workplace by Facebook, the collaboration tool is one of the many available in the market now. It faces stiff competition from Slack, Atlassian’s Stride, and Microsoft’s Teams, but none of them have a userbase that comes close to Facebook’s over two billion.
Facebook is starting to take the enterprise world seriously, and its new partner, identity management service Okta, can provide much-needed credibility. https://t.co/hM5NvATVBl
Facebook is banking on its partnership with identity management developer Okta to bring in more business accounts and convince larger companies that Workplace is an enterprise app. With the proposed integration, employees can securely sign in to Okta and gain easy access to Workplace and other cloud apps.