We are currently using Auth0 to authenticate users on the staff-facing side of our eCommerce site — this is working without a hitch and is secure as far as I know.
However, I’m not sure how or if I’d find out if Auth0 did have a security issue — for instance, if the Okta breach last year had affected Auth0.
I do get emails from firstname.lastname@example.org for service updates — most recently for the Rules and Hooks End of Life earlier this month. Does anyone know if this would also be used for data breach notifications?
If not, is there another way I can sign up to make sure I receive those?
I have checked the Trust and Compliance Documentation, but none of the documents there seem like they would cover this. Searching the Auth0 docs also leads me to Breached Password Detection, but that only seems to cover breaches of our users’ (staff) credentials, not if attackers gained access to something internal to Auth0.