In the user export CSV file, a single quote is prepended to every string field. This happens only with the CSV export, not the JSON export file.
Cause of this observation:
In April 2022, Auth0 product team implemented this change for the following reason:
The CSV encoding is compliant with OWASP recommendations to avoid CSV injection exploits. Before the change, Users could sign up with characters in attributes that can trigger formulas in excel or other spreadsheets. That’s why we implemented this security measure.
And we have updated our doc with the below details: