The Dell Boys
OneLogin Password Manager Suffers Data Breach

So far, the company has not provided information on how many people were affected by the breach, what information was exposed, or how hackers gained access to the data systems. Although the firm mentioned that it encrypts sensitive information, many were curious about how the attacker was able to then get access to data that could be decrypted.

Despite saying that the company reached out to its customers "with specific recommended remediation steps", the email sent to customers was also lacking specifics about the OneLogin security breach.

It's unclear exactly what kind of customer data may have been compromised, but the company is urging administrators who use the single sign-on (SSO) feature to force a directory password reset for their users. Yet OneLogin, the single sign-on and password management company, confirms that customer data has been hacked and likely decrypted. "Through the AWS API, the actor created several instances in our infrastructure to do reconnaissance", read the company blog post detailing the attack.

"Am I the only 1 to find it disturbing OneLogin had a decryption method for customer data accessible enough to be grabbed via breach?" said one user on Twitter.

"Today we detected unauthorized access to OneLogin data in our U.S. data region", Hoyos wrote in the initial blog post.

OneLogin said in a blog post that it couldn't rule out the possibility that hackers got keys to reading encrypted data, such as stored passwords.

The company has blocked the unauthorized access, reported the matter to law enforcement, and is working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident, Hoyos said.

This is the second breach OneLogin has suffered recently.

OneLogin didn't immediately respond to questions.

Tools such as OneLogin can help bolster the security of the services they are used with, but Nir Polak, chief executive at cyber security intelligence firm Exabeam, noted they are far from flawless. This is not the first time a data breach has occurred at OneLogin, and if lessons are learnt, they come at a hefty cost.

