Password manager OneLogin suffers major hack

Enterprise ID management firm OneLogin covfefes to security breach

OneLogin positions itself as a security-enhancing tool, allowing its customers to sign on to multiple websites with a single shared identity.

"All customers served by our U.S. data center are affected; customer data was compromised, including the ability to decrypt encrypted data", according to the email.

OneLogin later updated its post about the latest security incident, saying the facts are subject to change as the incident is investigated, but revealed the method of attack. Staff were not aware of the breach until seven hours later at 9am PST and it was shut down within minutes.

The company says in its announcement that it has contacted affected users.

In other words, if you're a US-based OneLogin customer, every bit of data you have stored with their services is open and accessible to the hackers.


According to Hoyos, the hacker was able to infiltrate database tables that contained information such as users, apps, and key types.

After repeating much of the same information included in the public statement, the email linked to a support page that users can only view after logging into their OneLogin account. In a follow-up, Hoyos added that this party did so by obtaining a set of AWS keys and using them to gain access to the AWS application programming interface via another service provider. Law enforcement and third-party security experts are now working with OneLogin to investigate the scope of the hack and identify the guilty parties involved.

OneLogin said in a blog post that it couldn't rule out the possibility that hackers got keys to read encrypted data, such as stored passwords. "We want our customers to know that the trust they have placed in us is paramount", Hoyos wrote.

The company is suggesting customers take a number of actions to protect their accounts, from forcing a password reset to generating new certificates for apps that use SAML SSO.

Password manager OneLogin suffered a breach in its US data region, according to a blog post written by OneLogin CISO Alvaro Hoyos. It may be convenient to log in once, since the service holds credentials to other cloud apps and sites, but why wouldn't an attacker be tempted to pull off one hack to get hold of so many credentials? Two-factor authentication is another trade-off - this time more security for less convenience.
