Published: Sat, June 03, 2017
Research | By Elizabeth Houston

Enterprise ID management firm OneLogin covfefes to security breach

Based on the severity of the hack, it seems OneLogin has the ability to access all client data, something other companies intentionally can't do, specifically to avoid scenarios like this.

OneLogin positions itself as a security-enhancing tool, allowing its customers to sign on to multiple websites with a single shared identity. OneLogin says it encrypts sensitive data, but it also states that the intruder may have gained the ability to decrypt it.

Customers were warned about the incident in an email yesterday, and OneLogin also posted a short blog post about the problem.

OneLogin updated the blog post saying that the staff was alerted about the attack at 9am PST (about seven hours after the attack started) and was "able to shut down the affected instance as well as the AWS keys that were used to create it".

It isn't clear from OneLogin's statements so far what kind of customer data was stolen, but the fact that the company is advising mass password resets suggests that passwords may have been compromised.

More than 12 million people utilize OneLogin - Yelp, AAA, Dell, Pandora and Pinterest are among its 2,000 clients.

"We are thus erring on the side of caution and recommending actions our customers should take", it said, advising customers to take a number of steps, including resetting passwords, generating new security certificates and generating new API keys for all services.

"We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident", the company said.

Services like OneLogin can make it easier for companies and individual users to manage multiple logins and passwords. It may be convenient to log in once, since the service holds credentials to other cloud apps and sites, but why wouldn't an attacker be tempted to pull off one hack to get hold of so many credentials?

More in-depth instructions for account security can be found here.
