If you are a OneLogin user, you may want to get in touch with them right away, as the company has confirmed that there has been “unauthorized access” to its infrastructure and that its US-based users' data may or may not have been stolen.
It seems that a hacker got into OneLogin systems by obtaining access to a set of AWS keys. Through the AWS API, he or she was able to create several instances in their infrastructure, download customers' data and what-not.
While the company is saying that the attack started on May 31, 2017 around 2 am PST, reports say that the hacker may have been there for over a month.
The hacker created several instances on OneLogin infrastructure to use for his reconnaissance mission, but his unusual activities drew the attention of OneLogin engineers, and they were able to shut down the affected instance and terminate the AWS keys that were used to create it.
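The kind of check that surfaces this activity, as an added example (not OneLogin's tooling and not part of the original article): it scans CloudTrail-style records for EC2 `RunInstances` calls made from outside the organisation's own networks and groups the launched instances by the access key that created them. The network range, key IDs, instance IDs and function names are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the organisation's own egress range (documentation address space).
KNOWN_NETWORKS = [ip_network("198.51.100.0/24")]

def record(name, source, key_id, instance_ids=()):
    """Build a constructed record using CloudTrail's field names."""
    return {"eventSource": "ec2.amazonaws.com", "eventName": name,
            "sourceIPAddress": source,
            "userIdentity": {"type": "IAMUser", "accessKeyId": key_id},
            "responseElements": {"instancesSet": {"items": [
                {"instanceId": i} for i in instance_ids]}} if instance_ids else None}

# Constructed sample data, not real log entries.
SAMPLE_EVENTS = [
    record("RunInstances", "203.0.113.45", "AKIAEXAMPLEKEY000001", ["i-0aaa0000000000001"]),
    record("RunInstances", "203.0.113.45", "AKIAEXAMPLEKEY000001", ["i-0aaa0000000000002"]),
    record("DescribeInstances", "203.0.113.45", "AKIAEXAMPLEKEY000001"),
    record("RunInstances", "198.51.100.20", "AKIAEXAMPLEKEY000002", ["i-0bbb0000000000001"]),
    record("RunInstances", "autoscaling.amazonaws.com", "AKIAEXAMPLEKEY000002",
           ["i-0bbb0000000000002"]),
]

def from_known_network(source):
    if source.endswith(".amazonaws.com"):
        return True   # call made by an AWS service on the account's behalf
    try:
        return any(ip_address(source) in net for net in KNOWN_NETWORKS)
    except ValueError:
        return False  # unparseable source: surface it for review

def suspicious_launches(events):
    """Map access key ID -> instance IDs launched with it from outside KNOWN_NETWORKS."""
    hits = defaultdict(list)
    for ev in events:
        if ev.get("eventSource") != "ec2.amazonaws.com" or ev.get("eventName") != "RunInstances":
            continue
        if from_known_network(ev.get("sourceIPAddress", "")):
            continue
        key = ev.get("userIdentity", {}).get("accessKeyId", "unknown")
        items = (ev.get("responseElements") or {}).get("instancesSet", {}).get("items", [])
        hits[key].extend(item["instanceId"] for item in items)
    return dict(hits)

if __name__ == "__main__":
    for key, ids in suspicious_launches(SAMPLE_EVENTS).items():
        print(f"deactivate key {key}; review instances {', '.join(ids)}")
```

The result pairs each key to deactivate with the instances to shut down, the same two response actions the engineers took.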
OneLogin believes that the hacker was able to access database tables that contain information about users, apps, and various types of keys, and that, while they encrypted certain sensitive data at rest, they cannot rule out the possibility that the threat actor also obtained the ability to decrypt the data he obtained.
Some security experts have criticized the way OneLogin handled its breach response and information sharing, saying that the company “gave differing information to different users”.
If you are an individual or a corporate entity using OneLogin for identity and access management, we highly recommend that you change every single credential you have with them and keep abreast of new developments as this unfolds by visiting their Twitter account or creating a support incident ticket with them.
You can also call 1-877-979-0411 for the U.S. and +44 800 808 5424 for the United Kingdom.
OneLogin (founded in 2009 and headquartered in San Francisco, CA) provides single sign-on and identity management for cloud-based applications. It focuses primarily on companies that operate in the cloud and integrates with cloud apps using SAML, WS-Federation, OpenID and web services integration. The company’s cloud-based IAM market now includes 2000 enterprise customers in 44 countries, including AAA, Citizen, Conde Nast, Herman Miller, Yelp, Zendesk, Dell Services, Susan G. Komen, Pandora, Steelcase and Pinterest.