Auth0 warns that some source code repos may have been stolen


Authentication service provider and Okta subsidiary Auth0 has disclosed what it calls a “security event” involving some of its code repositories.

Auth0’s authentication platform handles more than 42 million logins each day for over 2,000 enterprise customers in 30 countries, including AMD, Siemens, Pfizer, Mazda, and Subaru.

As the company revealed in a blog post on Monday, archives of multiple code repositories dating from 2020 and earlier (pre-dating Okta’s 2021 acquisition of Auth0) were obtained from its environment by unknown means.

“In late August, a third-party individual notified Okta that they possessed a copy of certain Auth0 code repositories dating from October 2020 and earlier,” Auth0 revealed.

“Our investigation has not revealed any customer impact from this event, and no action is required by our customers.”

The company and a third-party cybersecurity forensics firm investigated how the data could have left its environment, but so far neither has found any evidence of a breach.

“Both investigations, recently concluded, confirmed that there was no evidence of unauthorized access to our environments, or those of our customers, nor any evidence of any data exfiltration or persistent access,” Auth0 added.

“We have also notified law enforcement. The Auth0 service remains fully operational and secure.”

“Security event” disclosure lacks details

For the time being, Auth0 says that it took “precautionary steps” to ensure that information bundled with the code could not be used in the future to hack into company and customer systems.

While Auth0 said the blog post would be “sharing context and details” regarding these findings, it provides no information on how the data was exfiltrated from its systems.

The disclosure also does not say when the malicious activity might have taken place, or what information bundled with the code repositories would have allowed access to its environment had it not taken “precautionary steps.”

Auth0’s parent company Okta, a leading provider of authentication services, said in March that 2.5% of its customers (roughly 375) were impacted by a January cyberattack claimed by the Lapsus$ data extortion group.

One month later, after concluding its investigation into the January Lapsus$ breach, Okta found that the incident’s impact was significantly smaller than initially feared: the intrusion lasted 25 minutes and affected only two customers.

Update: An Okta spokesperson did not provide additional details when contacted by BleepingComputer earlier today, instead sharing the following statement matching Auth0’s blog post:

Security is one of our highest priorities, and we take our responsibility to protect and secure customer data and related information very seriously. Last month, we experienced a security event with a third-party individual related solely to the Auth0 platform. We immediately conducted an investigation with a leading cybersecurity forensics firm and we did not identify any evidence of unauthorized access, nor any evidence of a data exfiltration event or persistent access. The Auth0 service is fully operational and secure. This security event does not impact any other Okta products. We have been in communication with our customers about this event. 
