Hackers break into centralized password manager OneLogin

Hackers break into centralized password manager OneLogin

According to a statement by OneLogin CISO Alvaro Hoyos, it "detected unauthorized access to OneLogin data in our United States data region" yesterday, and blocked the unauthorized access, reported the matter to law enforcement, and was working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident.

"We detected unauthorised access to OneLogin data in our USA operating region".

OneLogin offers a single sign-on and other authentication management services it says gives "employees, customers and partners with secure access to your cloud and company apps on any device".

OneLogin encrypts its users' password information, but according to a support page that is reportedly accessible to OneLogin account holders, the attackers may have gained access to "the ability to decrypt encrypted data".

Customers were warned about the incident in an email yesterday, and OneLogin also posted a short blog post about the problem. The attack started May 31, 2017 at about 2 a.m. PT, and OneLogin staff were alerted to it about seven hours later, when they shut down access. OneLogin's customers include Pinterest and Conde Nast.

Do you use the password manager OneLogin?

Making the attack against OneLogin more risky and potentially much more damaging is Hoyos's statement that while the company applies encryption to sensitive data, there remains the possibility that the hacker was able to obtain the ability to decrypt the stolen data. During the security breach, private information about users, apps, and various keys may have been obtained by the still unknown hackers. We are thus erring on the side of caution and recommending actions our customers should take, which we have already communicated to our customers.

It's unclear exactly what kind of customer data may have been compromised, but the company is urging administrators who use the single sign-on (SSO) feature to force a directory password reset for their users.

The company has blocked the unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident, Hoyos said. When a breach like this occurs, hackers potentially hold the keys to the kingdom.

There is also no official statement yet on how many accounts were affected by the security breach.

Related Articles

  • Adobe Scan turns physical documents into editable PDF files

    Adobe Scan turns physical documents into editable PDF files

    Using an Adobe app to snap, store and share those scans? All the documents are automatically saved on the Adobe Document Cloud. Cross-device signature capturing, custom templates, document stamping, and workflow customization are all being added.
    Partnered Forces in Syria and Iraq Continue to Make Progress

    Partnered Forces in Syria and Iraq Continue to Make Progress

    A Pentagon spokesman said: "We are keenly aware of the security concerns of our coalition partner Turkey". While America supports the YPG, it has officially designated the Marxist PKK a terrorist organization.
    Warren Haynes Shares Some Final Thoughts on Gregg Allman

    Warren Haynes Shares Some Final Thoughts on Gregg Allman

    Allman died peacefully at his home in Savannah, Georgia, according to a statement posted on his website . Allman idolized his older brother, Duane , eventually joining a series of bands with him.
  • Donald Trump's Middle East Comment in Israel

    Donald Trump's Middle East Comment in Israel

    During his visit , Trump notably avoided all of the thorny issues that have stymied peace efforts for decades. At the same time, Abbas and the Palestinians have been pleasantly surprised by their dealings with Trump.
    16-year-old girl charged with fatally stabbing Uber driver

    16-year-old girl charged with fatally stabbing Uber driver

    As Heavy reports, Grant Nelson's sister has spoken out about her brother's character in the aftermath of his violent murder. When she ignored commands to lower the knife and machete, officers subdued her with a stun gun and placed her in handcuffs.

    No budget deal yet as Illinois nears end of legislative session

    A House panel advanced a $37.3 billion Senate-backed spending plan that would be funded by a $5.4 billion tax increase. IL could use the revenue from iGaming - an activity that is going on illegally in the state to some degree - anyway.
  • Getty Realty Corp. (GTY) Stock Rating Lowered by Zacks Investment Research

    The share price of Kimco Realty Corporation (NYSE: KIM ) was up +1.71% during the last day of trading, with a day high of 17.86. The stock of Terreno Realty Corporation (NYSE:TRNO) has "Neutral" rating given on Thursday, January 5 by Mitsubishi UFJ.
    Predators won't reveal Game 3 starter against Penguins

    Predators won't reveal Game 3 starter against Penguins

    He has five game-winners, and has been the offensive hero in each of the first two games of the Stanley Cup Final. Just 15 seconds later, Malkin scored off a two-on-one, firing a ideal shot over Rinne's glove for a 4-1 lead.
    Top Trump aide exits as wider White House overhaul expected

    Top Trump aide exits as wider White House overhaul expected

    But it remains unclear whether the president might envision them working inside the White House or in outside roles. Spicer also told reporters that the White House views Germany and other European countries as important allies.
  • Finals pick up where they left off with Cavs-Warriors III

    Finals pick up where they left off with Cavs-Warriors III

    Keep in mind, Golden State had the benefit of a nine-day layover between the Western Conference Finals to the NBA Finals . Stephen Curry is averaging 28.5 points and 5.9 assists while Kevin Durant is averaging 26.4 points and 7.8 rebounds.

    Philippines says 500 militants involved in siege

    The minister raised the possibility of limiting airstrikes if government troops converge within cities controlled by militants. Twenty-one members of the security forces had also died, Padilla said, bringing the combined death toll to 129.
    After Stabbing, Portland's Mayor Wants 2 Right-Wing Demonstrations Canceled

    After Stabbing, Portland's Mayor Wants 2 Right-Wing Demonstrations Canceled

    The looming threat of violence at the rally justified a shutdown while the city worked out a long-term solution. Again, it appears that Mayor Wheeler wishes to do something-anything-to relieve the city of its trauma.