Jump to content
Advertise With Us! Or Sign Up To Remove Ads!

Archived

This topic is now archived and is closed to further replies.

Easy Skanking

Password manager OneLogin hacked, exposing sensitive customer data

Recommended Posts

Quote

Password manager OneLogin hacked, exposing sensitive customer data

http://www.zdnet.com/article/onelogin-hit-by-data-breached-exposing-sensitive-customer-data

Password manager and single sign-on provider OneLogin has been hacked, the company has confirmed.

In a brief blog post, the company's chief security officer Alvaro Hoyos said that it had "detected unauthorized access to OneLogin data in our US data region," and that it had reached out to customers...

..."OneLogin believes that all customers served by our US data center are affected and customer data was potentially compromised," the email read.

Hackers have "the ability to decrypt encrypted data," says a support page, accessible only to OneLogin customers (a copy of the post was published online)...

...

The company also hasn't said how many customers were affected, but the company's website lists dozens of major multinationals, including ARM, Dun & Bradstreet, The Carlyle Group, Conde Nast, and Dropbox.

OneLogin allows corporate users to access multiple web applications, sites, and services with just one password. It's thought that the company has millions of users serving more than 2,000 companies in dozens of countries, according to CrunchBase.

The single sign-on provider integrates hundreds of different third-party apps and services, such as Amazon Web Services, Microsoft's Office 365, LinkedIn, Slack, Twitter, and Google services....

This is why it's best practice to keep passwords and security keys local and preferably offline. Using one company as a keyholder simply presents too great a target to hackers. As we see, there are vulnerabilities in every company.

Share this post


Link to post
Share on other sites

×