OneLogin hit by major data breach

Initially the company provided few details, other than disclosing the fact that there was an unauthorized access to OneLogin customer data.

"We detected unauthorised access to OneLogin data in our U.S. operating region".

OneLogin, a company that offers to secure authentication and identity management services to businesses, has warned customers of a security breach that could have spilt their corporate passwords to hackers. OneLogin was not alerted to the unusual database activity generated by the attacker until around 9:00 a.m. PST, but the breach was shut down within minutes afterward.

Affected OneLogin users can visit this page for a handy 11-step guide to securing your data, if that's possible, or read through it over at El Reg.

After repeating much of the same information included in the public statement, the email linked to a support page that users can only view after logging into their OneLogin account.


The severity of the breach to consumers is not yet known but the company has stated that the hack allowed the threat actor to access database tables that contain personal information about users, apps, and various types of keys.

Published reports, however, say OneLogin informed customers that the hackers indeed got that capability.

As of 2013, OneLogin boasted 12 million users across 700 companies, and those numbers have likely grown significantly in the last few years. Law enforcement and third-party security experts are now working with OneLogin to investigate the scope of the hack and identify the guilty parties involved.

Making the attack against OneLogin more risky and potentially much more damaging is Hoyos's statement that while the company applies encryption to sensitive data, there remains the possibility that the hacker was able to obtain the ability to decrypt the stolen data. "We are thus erring on the side of caution and recommending actions our customers should take, which we have already communicated to our customers", Hoyos wrote. The password service then unlocks other accounts as needed.

The attack occurred on May 31 around 2am PST (09:00 GMT), according to OneLogin. This isn't the first time OneLogin has been targeted as it also detected unauthorized access back in August 2016.


Popular
  • Teen charged with fatally stabbing Uber driver in Chicago

    Teen charged with fatally stabbing Uber driver in Chicago

    Wasni climbed into the front seat of Nelson's silver sedan and drove away before striking a central reservation in the road. Uber , in a statement , said that they are fully cooperating with the law enforcement agencies in the investigation.
    'He's human': Cavs coach defends LeBron after 'weird' loss

    'He's human': Cavs coach defends LeBron after 'weird' loss

    It also marked the first time since the 2005-06 season that James played a full fourth quarter without scoring a single point. It was a very welcomed sight in Irving's case, after he rolled his left ankle in the third quarter of Cleveland's Game 4 win.

    Ariana Grande announces benefit concert for Manchester

    Prince William will lead the tributes, laying a wreath alongside Manchester Mayor Andy Burnham on the field before the kickoff. These operations, as well as one at Manchester Arena, will continue over the weekend.
  • Turkish troops die in helicopter crash near Iraq border

    Turkish troops die in helicopter crash near Iraq border

    Deputy Prime Minister Mehmet Simsek and Interior Minister Suleyman Soylu also arrived in Sirnak to examine the scene. It said initial information indicated that the helicopter hit a high-voltage transmission line.
    White House official: Trump plans to pull U.S.  from Paris deal

    White House official: Trump plans to pull U.S. from Paris deal

    Economists say that leaving the Paris deal and easing efforts to control emissions would hardly deliver a big payoff in jobs. Quitting the Paris accord may not resonate with members of Trump's Republican Party as much as his administration expects.
    In South Africa Cape Town region declares drought disaster

    In South Africa Cape Town region declares drought disaster

    Hydrological disasters were declared in Prince Albert, Witzenberg and Oudtshoorn. The province assured the public that the declaration was not cause to panic.
  • Finals pick up where they left off with Cavs-Warriors III

    Many of us like to think that we would stay with the Thunder, but many of us would probably also want to play on the Warriors. These aren't flawless , but they're definitely an improvement over the last few pairs of Curry's to be released so far.
    Japan leader: G-7 agrees more pressure on N. Korea

    Japan leader: G-7 agrees more pressure on N. Korea

    Meeting before a Group of Seven summit, Trump and Abe dedicated much of their discussion to the issue, aides said. It's a big problem, it's a world problem and it will be solved.
    Golden State expects to face Cleveland

    Golden State expects to face Cleveland

    Golden State will host Game 1 of the NBA Finals on June 1 against either Cleveland or Boston. Kawhi Leonard was, without a doubt, missed by San Antonio in their second game at Oracle.
  • Storm outlook: Which parts of Colorado might see severe weather this week?

    Storm outlook: Which parts of Colorado might see severe weather this week?

    The National Weather Service confirmed hail from the first storm that hit northern Warren County during the mid-afternoon. There's a slight chance of showers during the day Friday, but conditions should be mostly sunny with a high near 74.

    Cavs beat Celtics to earn NBA Finals rematch with Warriors

    It's also the third straight year the two teams have clashed in the finals, with Golden State winning the title in 2015. Boston was the top seed in the Eastern Conference this season and played pretty well in the playoffs otherwise.
    Delay in court case deepens health insurance uncertainty

    Delay in court case deepens health insurance uncertainty

    Under former Speaker John Boehner, House Republicans sued the Obama administration to prevent it from doling out the subsidies. According to the motion, legislators and the administration are still working on ways to avoid a legal ruling on the case.

CONNECT