OneLogin Discloses Data Breach
Password management platform OneLogin has disclosed a data breach.
The company said it discovered “unauthorized access” to customer data. It is working with a private security firm and law enforcement to investigate the breach.
“Today we detected unauthorized access to OneLogin data in our US data region,” Alvaro Hoyos, the company’s chief information security officer, wrote on OneLogin’s blog. “We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident.”
While the disclosure offered few details about the extent of the breach, an email notification published by Motherboard indicates that not only was user information compromised, but the hackers may also have gained “the ability to decrypt encrypted data.”
The OneLogin platform allows users to access multiple cloud-based applications and websites using a single sign-on. Some of the websites integrated with the service include Amazon Web Services, Cisco Webex, Google Analytics, LinkedIn, Microsoft Office 365 and Slack.
The company has taken a number of steps to help secure user data, including:
- forcing users to reset their passwords
- generating new security credentials and certificates for websites and apps
- changing secrets stored in the company’s secure notes
While the company said the breach is limited to the United States, it serves over 2,000 business customers in 44 countries.