Do You Use OneLogin? Change Your Password Now

Posted June 03, 2017

Single sign-on (SSO) specialist OneLogin has admitted to a breach that has left unknown attackers with customer data, potentially including the ability to decrypt sensitive account credentials.

The firm's chief security officer Alvaro Hoyos said in a blog post that "a malicious actor had obtained access to our U.S. operating region".

While a data breach is one thing, The Register reports that it has been sent emails by OneLogin users noting that the data has not only been compromised, but that the cyber criminals have also got hold of the ability to decrypt it.

OneLogin's blog post includes no other details, aside from a reference to the company's compliance page.

In other words, if you're a US-based OneLogin customer, every bit of data you have stored with their services is open and accessible to the hackers.

OneLogin's website states that over 2000 global enterprise customers secure their applications with its software, including Conde Nast, ARM, The Carlyle Group, and Pinterest.

That's highly convenient, especially since you probably have a dozen or more user names and passwords to remember.

OneLogin said in a blog post that it couldn't rule out the possibility that hackers got the keys needed to read encrypted data, such as stored passwords.

"Our review has shown that a threat actor obtained access to a set of AWS keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US".

"The threat actor was able to access database tables that contain information about users, apps, and various types of keys", OneLogin said in a statement. All affected OneLogin customers should have already been contacted by the company, but even if an email has not been received, it is recommended to immediately log in to your OneLogin account and change your security credentials. In many attacks, some form of directed spear-phishing email is found to be a root cause.

Services like OneLogin can make it easier for companies and individual users to manage multiple logins and passwords.

Gizmodo reached out to OneLogin for comment on yesterday's breach, but had not heard back at time of writing.
