Identity , Decentralized identity and verifiable credentials SailPoint GitHub repo hit by third-party cyberattack May 11, 2026 Share By Steve Zurier (Credit: Robert – stock.adobe.com) SailPoint on May 8 reported that the company experienced a cyberattack in which the attackers gained “unauthorized access” to a subset of its GitHub repositories . The company said the incident was detected on April 20 and involved a vulnerability in a third-party application, which has since been remediated. In Friday’s filing with the Securities and Exchange Commission , SailPoint maintained it found no evidence that customer data in its production or staging environments were accessed, or that its services were interrupted. The company also added that its incident response team, which included third-party cybersecurity experts, quickly terminated the activity and resolved the issue. Amir Khayat, co-founder and CEO of Vorlon, said security teams have heard some version of that statement after nearly every major breach in the last five years: it’s almost a template. What it actually means is narrower than it sounds, said Khayat: It means the responding team looked at the blast radius they could see in the systems they monitor, and did not find evidence of production data exposure at the time of investigation. “It does not mean nothing of value was in those repositories,” said Khayat. “It does not mean attackers walked away empty-handed. GitHub repositories at a company like SailPoint almost certainly contain code, configuration logic, integration secrets, and architectural detail that a sophisticated attacker could use as reconnaissance for something bigger, even if no production database was touched.” Khayat added that SailPoint has become the identity backbone for some of the largest enterprises in the world. Khayat said whichever group accessed those repositories now knows things about how SailPoint's code is structured, how it integrates with customer environments, and potentially how to exploit it: that’s not nothing. Khayat pointed to some history with these type of identity-based supply chain attacks. Okta said the Lapsus$ intrusion in 2022 affected a small number of customers. Months later, Khayat said the full scope came out. LastPass i nitially disclosed source code theft with no customer impact. Two disclosures later, it was encrypted password vaults. CircleCI said it was contained. Then they told every customer to rotate every secret in every CI/CD pipeline. “The pattern is not malice on the part of security teams,” said Khayat. “It’s the nature of how these investigations work. You find what you can find quickly, you contain what you can contain, and you disclose what you can confirm. The rest surfaces later.” Damon Small, a board member at Xcape, Inc., said when a company says a third-party accessed them but the underlying issue was contained and no data was stolen, it may mean that the adversary gained access, but remained quiet to avoid detection. That said, Small pointed out that unauthorized access to source code counts as a “bad thing” regardless. “The claim that no data was stolen is flimsy at best because the data could have simply been copied from the screen with no pull request having been performed,” said Small. “However, we have to take them at their word that no data was exfiltrated. One way to interpret SailPoint’s response is to believe them because if sensitive information had been leaked it would behoove them to notify through its incident response plans. A more cynical view is that, having gone public in early 2025, they may be protecting themselves from an investor selloff.” Steve Zurier Related Identity Most passwords can be cracked in under a minute, Kaspersky finds SC Staff May 11, 2026 Kaspersky researchers analyzed a dataset of 231 million unique passwords leaked on the dark web between 2023 and 2026. Identity Microsoft Edge password saving practice raises security concerns SC Staff May 8, 2026 The browser reportedly converts saved passwords into plaintext within the computer's memory as soon as the application launches, making them vulnerable to unauthorized access. Security Operations UIDAI and NFSU forge 5-year cybersecurity and digital forensics partnership SC Staff May 8, 2026 This strategic alliance, formalized on May 5 in Ahmedabad, establishes a framework to enhance cyber resilience within UIDAI's digital identity ecosystem. Related Events Cybercast IAM for MSSPs: Real-World Deployments Mon May 18 Cybercast Privilege risk is in the lifecycle: A CISO discussion on modernizing identity control On-Demand Event Cybercast The industrialization of identity compromise On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Access Matrix Basic Authentication Biometrics Certificate-Based Authentication Challenge-Handshake Authentication Protocol (CHAP) Digest Authentication Digital Certificate Discretionary Access Control (DAC) You can skip this ad in 5 seconds