- Auth0 announced that Auth0 code repositories that pre-date the Okta acquisition of Auth0 are stolen by an unknown.
- According to the announcement, the service is fully operational and secure and customers aren’t impacted by the incident.
- After two investigations, the company still doesn’t know how the repositories are stolen but there is no evidence of any data exfiltration or persistent access.
Okta subsidiary and authentication service provider, Auth0 announced that they have noticed that some of the code repository archives date back to before the acquisition of the company by Okta were obtained by unknown means. The security event only affects Auth0 code repositories from October 2020 and earlier. The company also said that the service will remain fully operational.
No customers impacted
The investigation held by Auth0 showed that the incident didn’t impact customers, thus, there is no action required to take by customers. The company confirmed that the Auth0 service is fully operational and secure and no other Okta product is affected.
In late August, a third-party individual notified Okta that they have a copy of Auth0 code repositories from October 2020 and earlier. The company launched an internal investigation along with the help of a third-party cybersecurity forensics firm. Both investigations show that there is no evidence of unauthorized access to the company environments, or those of its customers, nor any evidence of any data exfiltration or persistent access.
The company has taken precautionary steps to ensure that this code cannot be used to access company or customer environments. Law enforcement was also notified about the incident.