OneLogin suffers data breach, again
OneLogin, a popular single sign-on service that allows users to access thousands of popular cloud-based apps with just one password, has suffered what seems to be a serious data breach.
According to a short blog post by the company’s Chief Information Security Officer Alvaro Hoyos, they discovered the breach when, on Wednesday, they detected unauthorized access to OneLogin data in their US data region.
“We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident,” Hoyos noted, and added that impacted customers have been notified via email and provided with specific recommended remediation steps.
Affected users will have to generate new certificates for their apps, new API credentials, OAuth tokens, desktop SSO tokens and credentials, recycle any secrets stored in Secure Notes, and more:
Holy shit. #OneLogin clients… tomorrow is gonna be a long day. pic.twitter.com/grNJwAlnYq
— D⭕️M (@nerdybeard) June 1, 2017
A support page for the customers says that all customers served by the company’s US data center are affected and that “customer data was compromised, including the ability to decrypt encrypted data.”
This is the second time in less than a year that San Francisco-based OneLogin suffered a breach. Last August, an attacker managed to gain access to a company system and view some customers’ unencrypted Secure Notes.
“Single sign-on is like a master key, offering users easy access to multiple apps and sites. It is also a tantalising prize for cybercriminals to steal,” noted Matt Walmsley, EMEA Director at Vectra Networks.
“Attackers will often target supply chains as a point of focus – they hold valuable information about customers. An en masse data theft at OneLogin has earned the hacker a significant haul of customers’ account credentials, including plain text access to passwords. This data can either be sold on or directly used for further breaches and theft.”