The GitLab Security team is investigating and monitoring the situation surrounding a possible breach on the Okta platform to determine if there are any potential security issues that could have impacted GitLab or our users. At this time, no malicious activity, exploitation, or indicators of compromise have been identified on GitLab.com.
How GitLab uses Okta
GitLab uses Okta as a single-sign-on solution for access to various SaaS applications.
Actions we have taken
- We’ve examined our logs, including our Okta logs, to verify that there has been no malicious activity.
- We’ve been in contact with Okta and our industry peers to fully understand Okta’s potential breach and the potential impact to GitLab.
- We’ve developed multiple contingency plans to thwart any potential attack scenarios and help protect GitLab and our users.
- Out of an abundance of caution we are evaluating additional widespread safeguard measures to further protect our team members’ sensitive credentials.
Actions recommended for Customers (GitLab.com and Self-Managed)
- If you use Okta to access your GitLab account, we recommend that you review your Okta logs for suspicious activity and contact Okta support to determine if there are any additional actions you should take with respect to your specific Okta implementation.
- If you have not already done so, you should add multi-factor authentication (MFA) to your GitLab account. We recommend enabling MFA on all systems wherever possible, and where you have the choice, we recommend U2F. Learn how to set up U2F with GitLab.
- Review our “Security hygiene best practices for GitLab users” blog post, which details simple but effective security practices that GitLab users should consider implementing to add additional layers of protection for themselves and help reduce risk for their organizations.
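The first recommendation above, reviewing your Okta logs, is easier with a small triage pass over a System Log export. The script below is an added example written for this post; it is not GitLab's or Okta's code. It assumes the export is a JSON array of entries in the shape of Okta System Log events (the `eventType`, `published`, `outcome.result`, `actor.alternateId` and `client.ipAddress` fields), that the event type names listed match your tenant's logs, and it uses constructed sample events rather than real data. It flags three things a reviewer would want surfaced: successful logins from an IP not previously seen for that user, successful changes to MFA factors, passwords or API tokens, and repeated failed logins from a single source IP.

```python
import json
from collections import Counter, defaultdict

# Event types that warrant review after an identity-provider incident. The names
# follow Okta's System Log eventType convention; confirm them against your tenant.
SENSITIVE_EVENTS = {
    "user.mfa.factor.deactivate": "MFA factor deactivated",
    "user.mfa.factor.reset_all": "all MFA factors reset",
    "user.account.reset_password": "password reset",
    "user.account.update_password": "password changed",
    "system.api_token.create": "API token created",
}

FAILED_LOGIN_THRESHOLD = 3  # repeated failures from one IP are worth a look

# Constructed sample export in the shape of Okta System Log entries (not real data).
SAMPLE_EXPORT = json.dumps([
    {"published": "2022-03-20T08:00:00Z", "eventType": "user.session.start",
     "outcome": {"result": "SUCCESS"}, "actor": {"alternateId": "alice@example.com"},
     "client": {"ipAddress": "203.0.113.10"}},
    {"published": "2022-03-21T08:05:00Z", "eventType": "user.session.start",
     "outcome": {"result": "SUCCESS"}, "actor": {"alternateId": "alice@example.com"},
     "client": {"ipAddress": "203.0.113.10"}},
    {"published": "2022-03-22T02:10:00Z", "eventType": "user.session.start",
     "outcome": {"result": "FAILURE"}, "actor": {"alternateId": "bob@example.com"},
     "client": {"ipAddress": "198.51.100.7"}},
    {"published": "2022-03-22T02:10:30Z", "eventType": "user.session.start",
     "outcome": {"result": "FAILURE"}, "actor": {"alternateId": "bob@example.com"},
     "client": {"ipAddress": "198.51.100.7"}},
    {"published": "2022-03-22T02:11:00Z", "eventType": "user.session.start",
     "outcome": {"result": "FAILURE"}, "actor": {"alternateId": "bob@example.com"},
     "client": {"ipAddress": "198.51.100.7"}},
    {"published": "2022-03-22T02:20:00Z", "eventType": "user.session.start",
     "outcome": {"result": "SUCCESS"}, "actor": {"alternateId": "alice@example.com"},
     "client": {"ipAddress": "198.51.100.7"}},
    {"published": "2022-03-22T02:21:00Z", "eventType": "user.mfa.factor.deactivate",
     "outcome": {"result": "SUCCESS"}, "actor": {"alternateId": "alice@example.com"},
     "client": {"ipAddress": "198.51.100.7"}},
])


def parse_export(raw):
    """Load a JSON array export and return its events in publication order."""
    events = json.loads(raw)
    return sorted(events, key=lambda e: e.get("published", ""))


def triage(events):
    """Return per-event findings in chronological order, followed by per-IP
    aggregates (repeated failed logins)."""
    findings = []
    seen_ips = defaultdict(set)   # per-actor IPs that completed a login earlier
    failures = Counter()          # failed logins per source IP

    for e in events:
        etype = e.get("eventType", "")
        result = e.get("outcome", {}).get("result", "")
        actor = e.get("actor", {}).get("alternateId", "<unknown>")
        ip = e.get("client", {}).get("ipAddress", "<unknown>")
        when = e.get("published", "")

        if etype == "user.session.start":
            if result == "SUCCESS":
                # Only flag once the actor has an established IP history.
                if seen_ips[actor] and ip not in seen_ips[actor]:
                    findings.append({"published": when, "actor": actor, "ip": ip,
                                     "reason": "login from IP not previously seen for this user"})
                seen_ips[actor].add(ip)
            elif result == "FAILURE":
                failures[ip] += 1
        elif etype in SENSITIVE_EVENTS and result == "SUCCESS":
            findings.append({"published": when, "actor": actor, "ip": ip,
                             "reason": SENSITIVE_EVENTS[etype]})

    for ip, n in failures.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            findings.append({"published": "", "actor": "<multiple>", "ip": ip,
                             "reason": f"{n} failed logins from one IP"})
    return findings


if __name__ == "__main__":
    for f in triage(parse_export(SAMPLE_EXPORT)):
        print(f["published"], f["actor"], f["ip"], "-", f["reason"])
```

On the constructed sample, the pass surfaces a login for alice from an address she had never used, an MFA factor being deactivated from that same address a minute later, and three failed logins from that address against another account. The "new IP" rule deliberately stays quiet for a user with no prior history, so run it over a window wide enough to include normal activity before the period you are concerned about; anything it flags is a prompt for a human to check, not a verdict.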
Our teams are continuing to investigate this situation for possible security issues that may impact our product and customers. If we discover that either our product or customers are at risk, we will update this blog post and notify users via a GitLab security alert.
Users can sign up to receive security alerts and notifications via email on our Contact Us page. If you've got a security question or concern, review how to contact our Support team.