OneLogin Breach Shows Alarming Potential For Hackers To Decrypt Customer Data

Sometimes it feels as though nothing is safe from the prying eyes (and digital crowbars) of dedicated hackers. Single sign-on provider OneLogin has found this out the hard way, as its systems were breached this week, potentially exposing customer data.

“We detected unauthorized access to OneLogin data in our US data region,” OneLogin disclosed in a blog posting this week. “We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident.”

This initial notice was frustratingly lacking in detail, and customers were left to assume the worst with regard to the severity of the attack. However, OneLogin has since updated its blog posting with more details, including the unfortunate news that hackers were able to gain access to the company’s AWS keys.

The hackers were then able to use those keys to “access the AWS API from an intermediate host with another, smaller service provider in the US.” The company reports that the intrusion began at 2AM on May 31st, but it wasn’t until seven hours later that OneLogin staff detected any anomalies and were able to cut off access. That is a rather lengthy period of time for the “threat actors” to have access to the company’s database tables.

OneLogin also provided this rather dour warning:

“While we encrypt certain sensitive data at rest, at this time we cannot rule out the possibility that the threat actor also obtained the ability to decrypt data. We are thus erring on the side of caution and recommending actions our customers should take, which we have already communicated to our customers.”

Those actions of course include resetting passwords, generating new API keys and creating new security certificates.

It is reported that OneLogin provides services to over 2,000 companies (including Yelp, Midas, Pinterest, Pacific Life, The Carlyle Group, Conde Nast, and Pandora) and has millions of individual users. OneLogin allows users to integrate with services like Amazon Web Services, Office 365 and the Google ecosystem.

The post OneLogin Breach Shows Alarming Potential For Hackers To Decrypt Customer Data appeared first on Android News.
