A root-cause analysis for this issue has been performed and is now available at https://cdn.auth0.com/blog/20210512-2-Incident-RCA.pdf
Between 21:20 and 22:50 UTC, we temporarily introduced some changes in our Passwordless `/verify` endpoint. If you were using this endpoint directly or through your Login page, and not passing through a Client ID, your users would have encountered errors after entering their OTPs. Our Engineers addressed this issue, and service was restored. We will provide our customers with a detailed Root Cause Analysis (RCA) within the next 14 days or sooner.
We are currently investigating this issue.