How can I make sure we get notified if an Auth0 security breach affects our system?

Hi,

We are currently using Auth0 to authenticate users on the staff-facing side of our eCommerce site — this is working without a hitch and is secure as far as I know.

However, I’m not sure how or if I’d find out if Auth0 did have a security issue — for instance, if the Okta breach last year had affected Auth0.

I do get emails from no-reply-support@auth0.com for service updates — most recently for the Rules and Hooks End of Life earlier this month. Does anyone know if this would also be used for data breach notifications?
If not, is there another way I can sign up to make sure I receive those?


I have checked the Trust and Compliance Documentation, but none of the documents there seem like they would cover this. Searching the Auth0 docs also leads me to Breached Password Detection, but that only seems to cover breaches of our users’ (staff) credentials, not if attackers gained access to something internal to Auth0.

We’re doing a bit of digging through our backlog and wanted to address this topic as it’s commonly searched for. Thanks for the great questions @Isikyus, we apologize we weren’t able to get to them earlier.

Generally speaking, security issues will be addressed at trust.okta.com. This has links to both Okta and Auth0 status pages, Security, and Compliance. You’ll also notice a link to establish a primary security contact (for Auth0 specifically, this requires emailing tam@auth0.com with security contact info).

If your organization is directly affected by a security breach, event, etc., you can expect to be contacted directly as well.
