OneLogin Reports Unauthorized Access, User Data Compromised
Identity management and Single Sign-On vendor OneLogin has reported an unauthorized access issue, which may have compromised customer data.
According to a statement by OneLogin CISO Alvaro Hoyos, it ‘detected unauthorized access to OneLogin data in our US data region’ yesterday, and blocked the unauthorized access, reported the matter to law enforcement, and was working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident.
“We want our customers to know that the trust they have placed in us is paramount,” Hoyos said. “While our investigation is still ongoing, we have already reached out to impacted customers with specific recommended remediation steps and are actively working to determine how best to prevent such an incident from occurring in the future and will update our customers as these improvements are implemented.”
However according to Motherboard, multiple customers provided it with a copy of an email which revealed that “customer data was compromised, including the ability to decrypt encrypted data”.
The message also provided a list of required steps to minimize any damage from the breach, including: generating new API keys and OAuth tokens; creating new security certificates as well as credentials; recycling any secrets stored in OneLogin's Secure Notes feature; and updating passwords.
Matt Walmsley, EMEA Director at Vectra Networks, said: “An en-mass data theft at OneLogin has earned the hacker a significant haul of customers’ account credentials, including plain text access to passwords. This data can either be sold on or directly used for further breaches and theft.
“A post-mortem investigation is an important step towards mitigating future attacks. This is not the first time a data breach has occurred at OneLogin and if lessons are learnt, it comes with a hefty cost. The clear up and forensic phase is expensive and time consuming. It can be a drain on resources that would be better used on detection and rapid response.”
Source: Information Security Magazine