Auth0, an authentication service provider and Okta subsidiary hacked

A “security incident” affecting several of its code repositories has been published by Auth0, an authentication service provider and Okta subsidiary.

More than 2,000 corporate clients from 30 countries, utilize Auth0’s authentication technology to authenticate over 42 million logins per day.

Multiple code repository archives from 2020 and earlier (dating Okta’s February 2022 purchase) were stolen from its environment by unidentified means, the business said in a blog post on Monday.

A third party informed Okta in late August that they had a copy of specific Auth0 code repositories from October 2020 and earlier. the company hired a top cybersecurity forensics company right away and quickly began a full internal investigation. Both investigations, which were just completed, indicated that there was no proof of either persistent access or data exfiltration into systems or the environments of our clients.

Company have also taken security precautions to make sure that this code cannot be used to access corporate or client environments because of its strong commitment to security. They’ve also let law enforcement know.  It does not pertain to any other Okta products.

Auth0 promised to “provide context and facts” about these discoveries in the blog post, but it made no mention of how the data was exfiltrated from its servers.

Furthermore, the revelation provides no information regarding the potential timing of this malicious action or what data included in the code repositories would have permitted access to its environment.