Do you use the password manager OneLogin? We have some bad news. The company this week announced that a hacker broke into its systems for the "US operating region" and stole sensitive user information.
Details of the intrusion and its impact are scant, but OneLogin's Alvaro Hoyos, who leads the company's risk management, security, and compliance efforts, said in a blog post that the hacker "was able to access database tables that contain information about our users, apps, and various types of keys.
"While we encrypt certain sensitive data at rest, at this time we cannot rule out the possibility that the threat actor also obtained the ability to decrypt data," Hoyos added.
Based in San Francisco, OneLogin offers single sign-on and identity management services for more than 2,000 enterprises in 44 countries.
The attack started on May 31 at around 2 a.m. PST when the hacker "obtained access to a set of [Amazon Web Services] keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US," Hoyos wrote.
"Through the AWS API, the actor created several instances in our infrastructure to do reconnaissance," Hoyos added. OneLogin staff caught wind of the unusual database activity seven hours later, at around 9 a.m. PST, and shut down the attack "within minutes."
OneLogin is currently working with independent third-party security experts and law enforcement to investigate the intrusion. The company has already notified customers with instructions on what they should do next. "We want our customers to know that the trust they have placed in us is paramount," Hoyos wrote.
According to a post on Twitter, though, the list of action items for affected customers is pretty extensive and involves a lot more than simply changing your password. OneLogin did not immediately respond to PCMag's request for more information about the breach.