
Auth0, an authentication service provider and Okta subsidiary, has reported a security incident impacting several of its code repositories.

Over 2,000 business clients from 30 countries utilize Auth0’s authentication technology to verify over 42 million daily logins. Notable clients include AMD, Siemens, Pfizer, Mazda, and Subaru.

According to a blog post published on Monday, several code repository records from 2020 and earlier (before it was acquired by Okta) were taken from its environment by unknown means.

According to Auth0, a third-party individual told Okta in late August that they had a copy of Auth0 code repositories dating back to October 2020.

No effect on customers

The company reported that it did not find indications of the situation affecting customers. As such, Auth0 said, customer action is not necessary. The organization and a third-party cybersecurity forensics agency examined how the data was exfiltrated but found no clear sign of compromise.

Both investigations, which were just completed, found no evidence of improper access to the company's or its customers’ environments, nor any proof of data exfiltration or continuous access. According to the company, which has also alerted law enforcement, the Auth0 service is completely functional and safe.

Auth0’s disclosure is incomplete

As the situation is ongoing, Auth0 says it took precautionary measures to guarantee that information included in the code cannot be utilized to hack into customer systems in the future.

While Auth0 stated that the blog post would provide context and specifics about the discoveries, it did not disclose details about how the data was stolen from its servers.

Furthermore, the disclosure lacks information on when the malicious behaviour may have occurred and what information contained in the code repositories allowed entry to its environment.