As convenient as it can be to have a password manager to help keep track of unique passwords, that convenience is swiftly stripped away when the password database gets hacked. This week, OneLogin users will want to double-check their accounts, as the service has warned that it suffered a data breach during which customer information was stolen. To make matters worse, OneLogin currently cannot rule out the possibility that the attacker also managed to get hold of the means to decrypt that data.
OneLogin has confirmed that it detected unauthorised access in the company's US data region. The intrusion has since been contained, but by that point user data had already been exposed. Here is how OneLogin explains the method of attack:
“Our review has shown that a threat actor obtained access to a set of AWS keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US. Evidence shows the attack started on May 31, 2017 around 2 am PST. Through the AWS API, the actor created several instances in our infrastructure to do reconnaissance. OneLogin staff was alerted of unusual database activity around 9 am PST and within minutes shut down the affected instance as well as the AWS keys that were used to create it.”
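The pattern OneLogin describes, a valid AWS access key used from an unfamiliar host to create instances, is the kind of thing a defender can pick out of CloudTrail logs. The following is an added detection example written for this article, not OneLogin's code; the events, key ID and "trusted" network ranges are all constructed placeholders.

```python
import ipaddress
import json

# Constructed CloudTrail-style records (not real OneLogin data). Field names follow
# the CloudTrail event schema; IPs, times and the key ID are invented placeholders.
SAMPLE_EVENTS = json.loads("""[
 {"eventTime":"2017-05-31T09:02:11Z","eventSource":"ec2.amazonaws.com","eventName":"RunInstances",
  "sourceIPAddress":"198.51.100.23","userIdentity":{"accessKeyId":"AKIAEXAMPLEKEY000001"}},
 {"eventTime":"2017-05-31T09:05:40Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeInstances",
  "sourceIPAddress":"198.51.100.23","userIdentity":{"accessKeyId":"AKIAEXAMPLEKEY000001"}},
 {"eventTime":"2017-05-31T15:10:02Z","eventSource":"ec2.amazonaws.com","eventName":"RunInstances",
  "sourceIPAddress":"10.20.30.40","userIdentity":{"accessKeyId":"AKIAEXAMPLEKEY000001"}}
]""")

# Assumed networks from which this key is normally used (corporate / CI ranges).
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]


def is_trusted(ip):
    """True if the source address falls inside one of the expected networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def find_key_misuse(events, trusted=is_trusted):
    """Return alerts for (a) instance creation from outside the trusted networks and
    (b) any single access key seen from both trusted and untrusted networks,
    which is the signature of a leaked key being replayed from elsewhere."""
    alerts = []
    zones_by_key = {}  # accessKeyId -> set of {"trusted", "untrusted"}
    for ev in events:
        key = ev["userIdentity"]["accessKeyId"]
        zone = "trusted" if trusted(ev["sourceIPAddress"]) else "untrusted"
        zones_by_key.setdefault(key, set()).add(zone)
        if ev["eventName"] == "RunInstances" and zone == "untrusted":
            alerts.append({"rule": "run_instances_from_untrusted_ip", "key": key,
                           "ip": ev["sourceIPAddress"], "time": ev["eventTime"]})
    for key, zones in zones_by_key.items():
        if zones == {"trusted", "untrusted"}:
            alerts.append({"rule": "key_used_from_multiple_zones", "key": key})
    return alerts


if __name__ == "__main__":
    for alert in find_key_misuse(SAMPLE_EVENTS):
        print(alert)
```

In a real deployment the same checks would run against CloudTrail delivered to S3 or CloudWatch, and a hit on either rule is grounds to disable the key immediately, which is what OneLogin reports doing once the activity was noticed.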
The attacker was able to access “database tables that contain information about users, apps and various types of keys”. As you would expect, OneLogin does encrypt all of its sensitive data but at this time the company “cannot rule out the possibility” that the hacker also made off with the ability to decrypt data.
If you are a OneLogin user, you will want to keep an eye on your various accounts and consider changing the passwords for any sensitive ones.
KitGuru Says: Unfortunately for those who use OneLogin, there isn't a ton of information on exactly what was stolen right now, but hopefully we can get more specific details soon as the investigation continues.