Biz-novosti

Password manager OneLogin hacked, exposing sensitive customer data


If you use OneLogin to keep all your, well, login information straight, it's time to change your password, as the password manager's US data centers are at the center of the latest hack attack.

"OneLogin believes that all customers served by our U.S. data center are affected and customer data was potentially compromised", the email read.

OneLogin later updated its post about the latest security incident, saying the facts are subject to change as the incident is investigated, but revealed the method of attack.

Affected OneLogin users can visit this page for a handy 11-step guide to securing their data, if that's possible, or read through it over at El Reg.

Published reports, however, say OneLogin informed customers that the hackers did indeed obtain the ability to decrypt encrypted data.

In 2015, rival LastPass said hackers obtained some user information - although not actual passwords.


OneLogin is a username and password management company. A message sent from OneLogin to its customers said "customer data was compromised, including the ability to decrypt encrypted data".

The company is also encouraging users to update any API and OAuth credentials associated with third-party directories, such as G Suite, generate and apply new Desktop SSO tokens, recycle any secrets stored in Secure Notes, update any credentials used to authenticate to third-party apps for provisioning and update any admin-configured login credentials that may be used for form-based authentication.

That long list might be why OneLogin has been a bit brief in public: it's a lot of stuff to get done, and it could set tongues a-wagging if the extent of the risk became widely known.

What's most worrying is that while the company says it encrypts "certain data at rest", it could not rule out the possibility that the hacker also obtained the ability to decrypt the data. "We want our customers to know that the trust they have placed in us is paramount", Hoyos wrote.

Customers have been advised to force a password reset for all users, generate new API keys and security certificates for their services, and create new OAuth tokens.

There are a number of potential vectors by which an attacker could have breached OneLogin's security. Two-factor authentication is another trade-off - this time more security for less convenience.
