IaaS is great except when the vendor offering it has security issues. Identity-as-a-service vendor (Auth0) could allow bad actors to spoof a legitimate website and collect sensitive information from visitors.

Possible consequences - phishing attacks, harvest user credentials, or even possibly launching cryptomining attacks.

https://threatpost.com/auth0-glitch-allows-attackers-to-launch-phishing-attacks/132554/