OneLogin Password Manager Suffers Data Breach

A security breach has hit identity management company OneLogin in its US data storage region.

While a data breach is one thing, The Register reports it has been sent emails by OneLogin users that notes the data has not only been compromised, but the cyber criminals also have the got hold of the ability to decrypt it has as well.

Given OneLogin provides single sign-on access to numerous services and apps, such as Amazon Web Services and Microsoft Office 365, the data breach effectively opens up a such services to unauthorised access.

OneLogin breach

“Today we detected unauthorised access to OneLogin data in our US data region. We have since blocked this unauthorised access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorised access happened and verify the extent of the impact of this incident,” said Alvaro Hoyos, chief information security officer at OneLogin.

The company is suggesting customers take a number of actions to protect their accounts, from forcing a password reset and to generating new certificates for apps that use SAML SSO.

The problem with the actions being offered is that they are hidden behind a sign-in page, making it harder for end-users to quickly take action.

Tool such as OneLogin can help bolster the security of the services its is used with, but Nir Polak, chief executive at cyber security intellignece firm Exabeam noted it is far from perfect.

“Gaining access to OneLogin’s systems is very much like stealing a master key — once you have that, you have access to all of the systems that an employee can jump in to,” said Polak.

“It’s a tough situation: on the one hand, these identity manager services significantly improve security, as they improve control over passwords and account activation. On the other, as seen here, if you can break the system, that control all but vanishes.”

While data breaches are not uncommon, for OneLogin not only is the breach a challenge to solve but it is also a public relations nightmare for the company which trades on offering a secure service; this is something British Airways will be familiar with after an IT failure wreaked chaos on its operations and reputation.

Do you know all about security in 2017? Try our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago