Auth0 warns that some source code repos may have been stolen

Authentication service provider and Okta subsidiary Auth0 has disclosed what it calls a "security event" involving some of its code repositories.

Auth0's authentication platform is used to authenticate over 42 million logins each day by more than 2,000 enterprise customers from 30 countries, including the likes of AMD, Siemens, Pfizer, Mazda, and Subaru.

As the company revealed in a blog post on Monday, multiple code repository archives from 2020 and earlier (pre-dating Okta's February 2022 acquisition) were obtained by unknown means from its environment.

"In late August, a third-party individual notified Okta that they possessed a copy of certain Auth0 code repositories dating from October 2020 and earlier," Auth0 revealed.

"Our investigation has not revealed any customer impact from this event, and no action is required by our customers."

The company and a third-party cybersecurity forensics firm investigated how the data was exfiltrated, but, until now, they failed to find any evidence of a breach.

"Both investigations, recently concluded, confirmed that there was no evidence of unauthorized access to our environments, or those of our customers, nor any evidence of any data exfiltration or persistent access," Auth0 added.

"We have also notified law enforcement. The Auth0 service remains fully operational and secure."

"Security event" disclosure lacks details

For the time being, Auth0 says that it took "precautionary steps" to ensure that information bundled with the code could not be used in the future to hack into company and customer systems.

While Auth0 said the blog post would be "sharing context and details" regarding these findings, it failed to provide any information regarding how the data was exfiltrated from its systems.

Additionally, the disclosure lacks info on when this malicious activity might have taken place or what info bundled with the code repos would've allowed access to its environment unless it took "precautionary steps."

Auth0's parent company Okta, a leading provider of authentication services, said in March that 2.5% (roughly 375 customers) were impacted by a January cyberattack claimed by the Lapsus$ data extortion group.

One month later, Okta found after concluding an investigation into the January Lapsus$ breach that the incident's impact was significantly smaller than expected as it lasted 25 minutes and affected only 2 customers.

An Auth0 spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.