Auth0 Discloses Security Incident, Says Source Code Repos Were Likely Stolen

Popular authorization serviceAuth0 disclosed a recent security event that impacted some of its source code repositories dating from October 2020 and earlier.

Auth0 is a popular identity platform that facilitates application access management through authorization and authentication. It encompasses an extensive range of features, including Single Sign-On (SSO), OAuth2.0, Multi-Factor Authentication (MFA), and DDoS protection.

In March 2021, Okta signed a definitive agreement to acquire Auth0. Completion of the acquisition came two months later, on May 3, 2021.

At the end of August, a third party reached out to Okta, claiming they had copies of several Auth0 source code repositories. The allegedly stolen assets pre-dated Auth0’s takeover by Okta.

It’s not yet known how the repository copies were exfiltrated, leaked or stolen from their environment. Following the notification, Okta launched an internal investigation to assess the damages and employed a third-party cybersecurity forensics firm to conduct an audit.

“Both investigations, recently concluded, confirmed that there was no evidence of unauthorized access to our environments, or those of our customers, nor any evidence of any data exfiltration or persistent access,” reads Auth0’s announcement.

The company states that it took the necessary steps to prevent perpetrators from weaponizing the stolen bits of code to compromise customer or company environments. Auth0 also notified authorities of the incident.

Despite the incident’s benign nature, Okta failed to provide additional details, such as the attack’s timeframe and how the data was exfiltrated. When asked for further information, an Okta representative replied with a statement matching the company’s announcement, according to BleepingComputer.

Specialized software solutions such as Bitdefender Ultimate Security can help steer you clear of attempts at your security and privacy, with features like:

• All-around real-time protection against viruses, Trojans, worms, rootkits, zero-day exploits, ransomware, spyware, and other cyberthreats
• Web-filtering module that prevents you from landing on harmful websites
• Anti-phishing component that scans and blocks websites that masquerade as legitimate ones to steal your data
• Breach monitor that detects if your data has been leaked in a data breach, notifies you and provides you with mitigation strategies