Password manager OneLogin compromised by data breach


03 June, 2017

Initially the company provided few details, other than disclosing the fact that there was an unauthorized access to OneLogin customer data.

The company disclosed the breach on Wednesday, saying that on the same day it had detected "unauthorized access" to customer data in the United States.

In a blog post published Tuesday, the single sign-on service wrote that it had detected unauthorized access to OneLogin data in its USA data region.

Yet the support page referenced in the email, a page which can only be viewed by customers logging in, allegedly added, "All customers served by our USA data center are affected; customer data was compromised, including the ability to decrypt encrypted data".

Customers were warned about the incident in an email yesterday, and OneLogin also posted a short blog post about the problem.


More than 12 million people use OneLogin; Yelp, AAA, Dell, Pandora and Pinterest are among its 2,000 clients. Apps that use the Security Assertion Markup Language (SAML) SSO feature need new certificates, and new application programming interface credentials and OAuth tokens must be generated.

OneLogin said in a blog post that it couldn't rule out the possibility that hackers got keys to reading encrypted data, such as stored passwords. "We are thus erring on the side of caution and recommending actions our customers should take, which we have already communicated to our customers", Hoyos wrote. The attacker used OneLogin's AWS keys from a smaller, unidentified service provider in the U.S., and with them was able to create new virtual server instances to gain visibility into OneLogin's operations and perform reconnaissance.
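The pattern described above, a leaked access key being used from an unfamiliar network first to look around and then to launch instances, is exactly what a defender watches for in AWS CloudTrail. The following is an added example, not OneLogin's code or anything from its post: it parses constructed CloudTrail-style records (JSON lines) and flags any access key that makes reconnaissance or instance-creation calls from outside the networks the organisation's own automation is known to use. The key IDs, IP addresses, the `KNOWN_NETWORKS` allow-list and the action sets are all assumptions for the sake of the example.

```python
"""Flag suspicious use of AWS access keys in CloudTrail-style events.

Added example, not code from OneLogin. Assumptions: records follow the
CloudTrail JSON layout (eventName, sourceIPAddress, userIdentity.accessKeyId);
the defender knows the CIDR ranges from which legitimate API calls originate;
API reconnaissance or RunInstances from any other network on a long-lived key
is worth an alert.
"""
import ipaddress
import json
from collections import defaultdict

# Constructed sample records (not real logs): one key used normally from the
# corporate range, one used from an unknown address for recon, then RunInstances.
SAMPLE_LOG = """\
{"eventTime": "2017-05-31T01:02:03Z", "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.10", "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEYGOOD0"}}
{"eventTime": "2017-05-31T01:05:00Z", "eventName": "RunInstances", "sourceIPAddress": "203.0.113.10", "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEYGOOD0"}}
{"eventTime": "2017-05-31T02:10:11Z", "eventName": "GetCallerIdentity", "sourceIPAddress": "198.51.100.7", "userIdentity": {"accessKeyId": "AKIAEXAMPLESTOLEN00"}}
{"eventTime": "2017-05-31T02:10:40Z", "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7", "userIdentity": {"accessKeyId": "AKIAEXAMPLESTOLEN00"}}
{"eventTime": "2017-05-31T02:15:09Z", "eventName": "RunInstances", "sourceIPAddress": "198.51.100.7", "userIdentity": {"accessKeyId": "AKIAEXAMPLESTOLEN00"}}
"""

# Assumed allow-list: networks from which this organisation's automation calls AWS.
KNOWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Calls that reveal what an account contains (assumed recon set) and calls that
# create compute the attacker can operate from.
RECON_ACTIONS = {"GetCallerIdentity", "DescribeInstances", "DescribeSecurityGroups",
                 "ListBuckets", "ListUsers"}
PROVISIONING_ACTIONS = {"RunInstances"}


def parse_events(log_text):
    """Parse JSON-lines CloudTrail records, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def source_is_known(ip_text):
    """True if the caller's address falls inside an allow-listed network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        # CloudTrail records service-originated calls with a hostname, not an IP;
        # those are outside this check's scope, so treat them as unknown.
        return False
    return any(ip in net for net in KNOWN_NETWORKS)


def analyse(events):
    """Group calls from unfamiliar networks by access key and explain each finding."""
    per_key = defaultdict(lambda: {"recon": [], "provisioning": [], "sources": set()})
    for ev in events:
        key = ev.get("userIdentity", {}).get("accessKeyId")
        if not key or source_is_known(ev.get("sourceIPAddress", "")):
            continue
        bucket = per_key[key]
        bucket["sources"].add(ev["sourceIPAddress"])
        name = ev.get("eventName")
        if name in RECON_ACTIONS:
            bucket["recon"].append(name)
        elif name in PROVISIONING_ACTIONS:
            bucket["provisioning"].append(name)

    findings = []
    for key, b in per_key.items():
        reasons = []
        if b["recon"]:
            reasons.append("reconnaissance calls from unfamiliar network: "
                           + ", ".join(sorted(set(b["recon"]))))
        if b["provisioning"]:
            reasons.append("instance creation from unfamiliar network: "
                           + ", ".join(sorted(set(b["provisioning"]))))
        if reasons:
            findings.append({"accessKeyId": key,
                             "sources": sorted(b["sources"]),
                             "reasons": reasons})
    return findings


def suspicious_keys(events):
    """Just the key IDs that should be disabled and rotated."""
    return {f["accessKeyId"] for f in analyse(events)}


if __name__ == "__main__":
    for finding in analyse(parse_events(SAMPLE_LOG)):
        print(finding["accessKeyId"], finding["sources"], *finding["reasons"], sep="\n  ")
```

Run against the sample, only the second key is reported, with both the reconnaissance calls and the later `RunInstances` listed as reasons; the first key is silent because its calls came from the allow-listed range. In practice the allow-list would be replaced by a baseline learned per key, and a hit would trigger disabling the key and rotating the SAML certificates, API credentials and OAuth tokens the article lists.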

OneLogin is now working with independent third-party security experts and law enforcement to investigate the intrusion. In many attacks, some form of directed, spear-phishing email is often found to be a root cause.

The company did not immediately respond to a request for more information, including whether the breach allowed hackers to decrypt customer data.

Gizmodo reached out to OneLogin for comment on yesterday's breach, but had not heard back at time of writing.
