OneLogin Data Breach Poses Worrisome Questions About Cloud Use

Posted June 03, 2017

Single sign-on (SSO) specialist OneLogin has admitted to a breach that has left unknown attackers with customer data, potentially including the ability to decrypt sensitive account credentials.

The company disclosed the breach on Wednesday, saying that it had detected "unauthorized access" to customer data in the United States the same day.

Identity management and single sign-on vendor OneLogin has reported an unauthorized access issue that may have compromised customer data. According to the email, the attacker "was able to access database tables containing information about users, apps, and various types of keys. While we encrypt certain sensitive data at rest, at this time we cannot rule out the possibility that the threat actor also obtained the ability to decrypt data".

The company notified customers via email Wednesday that the incident stemmed from unauthorized access to one of its USA data centers.

Published reports, however, say OneLogin informed customers that the hackers appeared to have obtained a way to access encrypted data. "We want our customers to know that the trust they have placed in us is paramount", Alvaro Hoyos, CISO of OneLogin, said in a post explaining the incident.


Reset OneLogin directory passwords for every user.

"The threat actor was able to access database tables that contain information about users, apps, and various types of keys", OneLogin said in a statement. While the company maintains that it encrypts certain sensitive data, it didn't rule out the possibility that the "malicious actor" had the ability to decrypt them.

OneLogin has pointed customers to a support page that instructs them on how to deal with the breach, including having users change their passwords, creating new certificates, and creating new OAuth tokens. "We are thus erring on the side of caution and recommending actions our customers should take".

OneLogin's service manages passwords and logins for multiple applications and sites for business users. This isn't the first time OneLogin has been targeted; it also detected unauthorized access back in August 2016.