Major access management service OneLogin was breached by perpetrators who were able to decrypt data. The hack affects “all customers served by our U.S. data center,” and those affected have been advised to visit a registration-only support page that outlines the steps they need to take.
Security experts labeled the attack “embarrassing” and said it showed that the company was open to a breach. OneLogin is a single sign-on service that lets users access several apps and sites with a single password. In 2013 alone, the company had 700 business clients and passed 12 million licensed users. Some of the larger names among the apps and sites integrated into the platform include Amazon Web Services, Microsoft Office 365, Slack, Cisco WebEx, Google Analytics, and LinkedIn.
“We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorized access happened,” said chief information security officer Alvaro Hoyos in a statement. “We are actively working to determine how best to prevent such an incident from occurring in the future.”
Users who log in to the site should take the following precautions to minimize the risk to their data:
- Force a password reset for all users
- Create new security measures and certificates for apps and sites
- Recycle secrets stored within OneLogin’s secure notes
In a statement to its customers, OneLogin said, “Because this is still an active investigation involving law enforcement, there are certain details we can’t comment on at this time. We understand how frustrating this might be and thank you for your patience while we continue the investigation.”
Via BBC