OneLogin, the password manager, has confirmed that it was hacked, and the company released a short blog post explaining the situation.
In the post, the company's chief security officer, Alvaro Hoyos, stated that they had detected unauthorized access to the data they protect and that the affected data was limited to the US region. Customers have already been contacted and notified about the situation.
He also said that the attacker who breached the data has been blocked and that law enforcement has been brought in. Few details about the incident, and no technical details at all, were given. The only statement was that sensitive customer data was stolen; further information is still awaited.
The company stated that the affected customers are all those served by its US data center and that their data should be considered compromised. Although the data was encrypted, it is believed to still be at risk, since attackers have repeatedly demonstrated the knowledge and ability to break encryption and decrypt such data.
That is why everyone who may be affected by the incident should immediately change their passwords, generate new API keys, and issue new OAuth tokens used for logging in. Security certificates should also be renewed.
The question on everyone's mind right now is how the attackers got access, and why the data could be decrypted at all. Twitter users were the first to raise it; one of them asked why OneLogin would have a method of decrypting users' data in the first place.
The company has not answered this, nor has it said how many people were affected by the breach. However, its website lists many multinational customers, including Dropbox, Dun & Bradstreet, Condé Nast, ARM, and The Carlyle Group.
The service lets customers store one password and use it across multiple apps, websites, and other services. The company is estimated to serve 2,000 companies in dozens of countries, which means it holds the credentials of millions of users.
This is not even the first such breach: another was detected last August. Back then, the company also warned its users that an unauthorized party had gained access, but it denied even the possibility that any data had been stolen or otherwise compromised.