announcements

Auth0 Code Repository Archives From 2020 and Earlier

Details around a recent security event

Sep 26, 20222 min read

SUMMARY

In alignment with our core values of transparency and loving our customers, we are sharing context and details around a recent security event affecting Auth0 code repositories from October 2020 and earlier, which pre-dates the Okta acquisition of Auth0. Our investigation has not revealed any customer impact from this event, and no action is required by our customers. Additionally, we confirm that the Auth0 service remains fully operational and secure.

SCOPE

The security event detailed below pertains to Auth0 code repositories from October 2020 and earlier, which pre-dates the Auth0 acquisition by Okta. It does not pertain to any other Okta products.

EVENT

In late August, a third-party individual notified Okta that they possessed a copy of certain Auth0 code repositories dating from October 2020 and earlier. We immediately launched a thorough internal investigation and enlisted the services of a leading third-party cybersecurity forensics firm. Both investigations, recently concluded, confirmed that there was no evidence of unauthorized access to our environments, or those of our customers, nor any evidence of any data exfiltration or persistent access.

Additionally, given our robust commitment to security, we have taken precautionary steps to ensure that this code cannot be used to access company or customer environments. We have also notified law enforcement. The Auth0 service remains fully operational and secure.

Keeping customer data secure is one of our top priorities and we take this responsibility very seriously. We greatly appreciate our customers’ trust and partnership.