Cyber Incident Victim: Auth0

In late August 2022, Okta subsidiary Auth0 disclosed a security event involving unauthorized access to certain legacy source code repositories. A third party notified Okta that they possessed copies of multiple Auth0 code repository archives dating from October 2020 and earlier—material created before Okta's acquisition of Auth0 in May 2021. Auth0's authentication platform, which processes over 42 million daily logins for more than 2,000 enterprise customers across 30 countries, initiated an internal investigation alongside a third-party cybersecurity forensics firm. The company confirmed the repositories contained historical code but found no evidence that customer environments or Auth0's production systems experienced unauthorized access during or after the exfiltration. No data exfiltration from active systems or persistent attacker access was identified. Auth0 notified law enforcement and assured customers the service remained fully operational with no required remedial actions.

The investigations concluded in late September 2022 without determining the method of repository exfiltration or the exact timeline of the data acquisition. Auth0 implemented unspecified precautionary measures to neutralize potential risks from information bundled with the stolen code, though the nature of this ancillary data wasn't disclosed. This incident followed Okta's March 2022 disclosure of a separate breach by the Lapsus$ group, which initially impacted approximately 375 customers but was later revised to affect only two customers during a 25-minute access window in January 2022. Auth0's disclosure omitted specifics about repository contents, attacker entry vectors, and temporal details of the compromise while maintaining no customer systems or data were affected.