1 min read

Auth0 Discloses Security Incident, Says Source Code Repos Were Likely Stolen

Vlad CONSTANTINESCU

September 29, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Auth0 Discloses Security Incident, Says Source Code Repos Were Likely Stolen

Popular authorization serviceAuth0 disclosed a recent security event that impacted some of its source code repositories dating from October 2020 and earlier.

Auth0 is a popular identity platform that facilitates application access management through authorization and authentication. It encompasses an extensive range of features, including Single Sign-On (SSO), OAuth2.0, Multi-Factor Authentication (MFA), and DDoS protection.

In March 2021, Okta signed a definitive agreement to acquire Auth0. Completion of the acquisition came two months later, on May 3, 2021.

At the end of August, a third party reached out to Okta, claiming they had copies of several Auth0 source code repositories. The allegedly stolen assets pre-dated Auth0’s takeover by Okta.

It’s not yet known how the repository copies were exfiltrated, leaked or stolen from their environment. Following the notification, Okta launched an internal investigation to assess the damages and employed a third-party cybersecurity forensics firm to conduct an audit.

“Both investigations, recently concluded, confirmed that there was no evidence of unauthorized access to our environments, or those of our customers, nor any evidence of any data exfiltration or persistent access,” reads Auth0’s announcement.

The company states that it took the necessary steps to prevent perpetrators from weaponizing the stolen bits of code to compromise customer or company environments. Auth0 also notified authorities of the incident.

Despite the incident’s benign nature, Okta failed to provide additional details, such as the attack’s timeframe and how the data was exfiltrated. When asked for further information, an Okta representative replied with a statement matching the company’s announcement, according to BleepingComputer.


Specialized software solutions such as Bitdefender Ultimate Security can help steer you clear of attempts at your security and privacy, with features like:

  • All-around real-time protection against viruses, Trojans, worms, rootkits, zero-day exploits, ransomware, spyware, and other cyberthreats
  • Web-filtering module that prevents you from landing on harmful websites
  • Anti-phishing component that scans and blocks websites that masquerade as legitimate ones to steal your data
  • Breach monitor that detects if your data has been leaked in a data breach, notifies you and provides you with mitigation strategies

tags


Author



Right now

Top posts

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
Cyber Tips for a Spook-Free Halloween

Cyber Tips for a Spook-Free Halloween

October 26, 2022

3 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Royal Ransomware Launches Attacks on US Healthcare Organizations, Government Warns Royal Ransomware Launches Attacks on US Healthcare Organizations, Government Warns
Vlad CONSTANTINESCU

December 09, 2022

2 min read
North Korean APT Group Exploits Internet Explorer Zero-Day Flaw, Google Warns North Korean APT Group Exploits Internet Explorer Zero-Day Flaw, Google Warns
Vlad CONSTANTINESCU

December 08, 2022

2 min read
Medibank Goes Offline to Rebuild Cyber Defenses in Wake of October Hack Medibank Goes Offline to Rebuild Cyber Defenses in Wake of October Hack
Filip TRUȚĂ

December 08, 2022

2 min read