Popular authorization serviceAuth0 disclosed a recent security event that impacted some of its source code repositories dating from October 2020 and earlier.
Auth0 is a popular identity platform that facilitates application access management through authorization and authentication. It encompasses an extensive range of features, including Single Sign-On (SSO), OAuth2.0, Multi-Factor Authentication (MFA), and DDoS protection.
In March 2021, Okta signed a definitive agreement to acquire Auth0. Completion of the acquisition came two months later, on May 3, 2021.
At the end of August, a third party reached out to Okta, claiming they had copies of several Auth0 source code repositories. The allegedly stolen assets pre-dated Auth0’s takeover by Okta.
It’s not yet known how the repository copies were exfiltrated, leaked or stolen from their environment. Following the notification, Okta launched an internal investigation to assess the damages and employed a third-party cybersecurity forensics firm to conduct an audit.
“Both investigations, recently concluded, confirmed that there was no evidence of unauthorized access to our environments, or those of our customers, nor any evidence of any data exfiltration or persistent access,” reads Auth0’s announcement.
The company states that it took the necessary steps to prevent perpetrators from weaponizing the stolen bits of code to compromise customer or company environments. Auth0 also notified authorities of the incident.
Despite the incident’s benign nature, Okta failed to provide additional details, such as the attack’s timeframe and how the data was exfiltrated. When asked for further information, an Okta representative replied with a statement matching the company’s announcement, according to BleepingComputer.
Specialized software solutions such as Bitdefender Ultimate Security can help steer you clear of attempts at your security and privacy, with features like:
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsDecember 19, 2024
November 14, 2024