Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Incident Response

Auth0 Finds No Breach Following Source Code Compromise

Okta-owned Auth0 this week announced that it has not identified an intrusion into its environment after a third-party said they were in the possession of older source code repositories.

Okta-owned Auth0 this week announced that it has not identified an intrusion into its environment after a third-party said they were in the possession of older source code repositories.

In late August, after Okta was informed by an individual that they possessed copies of certain Auth0 code repositories dating from October 2020 and earlier, the company launched an investigation that did not reveal a potential data breach.

The investigation, the company says, “confirmed that there was no evidence of unauthorized access to our environments, or those of our customers, nor any evidence of any data exfiltration or persistent access”.

Auth0 notes that it also decided to retain a cybersecurity forensics firm to investigate the claim, and that both investigations have arrived at the same conclusion.

Furthermore, the company says that it has taken the necessary precautions to ensure that the exposed code cannot be used to access its network or any customer environments.

“Our investigation has not revealed any customer impact from this event, and no action is required by our customers. Additionally, we confirm that the Auth0 service remains fully operational and secure,” the company says.

It has not shared any information on how the source code may have been obtained.

Advertisement. Scroll to continue reading.

Auth0 offers an authentication and authorization platform that provides organizations with various customization and monitoring options, and with support for multi-factor authentication.

In May 2021, Okta completed a $6.5 billion acquisition of Auth0, which continues to operate as an independent business unit.

Related: Fast Company Hack Impacts Website, Apple News Account

Related: Data Breach at Australian Telecoms Firm Optus Could Impact Up to 10 Million Customers

Related: Breached American Airlines Email Accounts Abused for Phishing

Related: Samsung Sued Over Recent Data Breaches

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.