Hackers break into centralized password manager OneLogin

Hackers break into centralized password manager OneLogin

According to a statement by OneLogin CISO Alvaro Hoyos, it "detected unauthorized access to OneLogin data in our United States data region" yesterday, and blocked the unauthorized access, reported the matter to law enforcement, and was working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident.

"We detected unauthorised access to OneLogin data in our USA operating region".

OneLogin offers a single sign-on and other authentication management services it says gives "employees, customers and partners with secure access to your cloud and company apps on any device".

OneLogin encrypts its users' password information, but according to a support page that is reportedly accessible to OneLogin account holders, the attackers may have gained access to "the ability to decrypt encrypted data".

Customers were warned about the incident in an email yesterday, and OneLogin also posted a short blog post about the problem. The attack started May 31, 2017 at about 2 a.m. PT, and OneLogin staff were alerted to it about seven hours later, when they shut down access. OneLogin's customers include Pinterest and Conde Nast.

Do you use the password manager OneLogin?

Making the attack against OneLogin more risky and potentially much more damaging is Hoyos's statement that while the company applies encryption to sensitive data, there remains the possibility that the hacker was able to obtain the ability to decrypt the stolen data. During the security breach, private information about users, apps, and various keys may have been obtained by the still unknown hackers. We are thus erring on the side of caution and recommending actions our customers should take, which we have already communicated to our customers.

It's unclear exactly what kind of customer data may have been compromised, but the company is urging administrators who use the single sign-on (SSO) feature to force a directory password reset for their users.

The company has blocked the unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident, Hoyos said. When a breach like this occurs, hackers potentially hold the keys to the kingdom.

There is also no official statement yet on how many accounts were affected by the security breach.

Related Articles

  • India, Spain express need for EU-India FTA

    Narendra Modi , at the historic Piskarevskoe Memorial Cemetery in St Petersburg , the cultural capital of Russian Federation . During his visit, PM Modi will hold the 18th India-Russia annual Summit with Russian President Vladimir Putin .
    Trump abandoning global climate pact? Decision 'very soon'

    Trump abandoning global climate pact? Decision 'very soon'

    Musk has defended his decision to stick with Trump, saying White House access would give him greater influence on policy. China , the number one producer of greenhouse gases, is burning close to half of the world's coal supply each year.

    Minus Ryan Johansen, Predators find a way to beat Ducks

    They always catch the retaliation, and on the ensuing power play, Nashville finally made the Ducks pay for their transgression. Who is Frederick Gaudreau? The Ducks and Predators are scheduled to play Game 5 at Honda Center on Saturday night.
  • Kurdish militants claim downing of Turkish military chopper

    Kurdish militants claim downing of Turkish military chopper

    The chopper came down near Turkey's border with Iraq this evening after hitting a high-voltage communications line. Search and rescue units have reportedly been dispatched to the area.

    Donald Trump's Middle East Comment in Israel

    During his visit , Trump notably avoided all of the thorny issues that have stymied peace efforts for decades. At the same time, Abbas and the Palestinians have been pleasantly surprised by their dealings with Trump.
    Partnered Forces in Syria and Iraq Continue to Make Progress

    Partnered Forces in Syria and Iraq Continue to Make Progress

    A Pentagon spokesman said: "We are keenly aware of the security concerns of our coalition partner Turkey". While America supports the YPG, it has officially designated the Marxist PKK a terrorist organization.
  • Philippines says 500 militants involved in siege

    The minister raised the possibility of limiting airstrikes if government troops converge within cities controlled by militants. Twenty-one members of the security forces had also died, Padilla said, bringing the combined death toll to 129.

    Centerville teen advances to the 3rd round at national spelling bee

    When the 13-year-old started elementary school, he had to learn how to talk and interact with his classmates. Ben is a well rounded kid who plays viola and baseball, in addition to studying for spelling bees .
    Trump's communications director set to leave White House

    Trump's communications director set to leave White House

    The White House has not announced a successor for Dubke, and it's unclear when exactly his last day will be. "I would just say Mr. Ms Conway said Mr Dubke had agreed to continue working while Mr Trump was away on his first worldwide trip as president.
  • Trump to announce withdrawal from Paris climate deal

    Trump to announce withdrawal from Paris climate deal

    The Paris pact obligates the U.S.to reduce its greenhouse gas emissions 26 to 28 percent by 2025, compared to 2005 levels. All implementation of the non-binding portions of the agreement will cease to be enforced by the United States, he said.

    Comey to testify to US Senate intelligence panel on June 8

    Last month, the Justice Department named another former FBI chief, Robert Mueller , as a special counsel to the investigation. Senators will also likely ask Comey about his relationship with the president in the weeks leading up to his firing .
    Underdog Cavs insist they have plenty of bite for Finals

    Underdog Cavs insist they have plenty of bite for Finals

    This group almost beat the full-strength Cavs previous year , and adding Kevin Durant tipped the scales in their favor. One, James is the best player alive and his entire motivation now seems to revolve around collecting more rings.