OneLogin suffers serious security breach

OneLogin suffers serious security breach

A problem was discovered with LastPass' browser extension in March, and now OneLogin has suffered a major data breach.

OneLogin is a password manager and single sign-on provider, which reported a data breach but has been unclear as to the nature of the attack.

"OneLogin believes that all customers served by our United States data center are affected and customer data was potentially compromised", the email read. Not anymore. OneLogin has posted a note on its website, which is a good thing, in which it explains that it is shocked and that it has called in the police already.

More news: 13 soldiers die in helicopter crash in Turkey's southeast: Army

In 2013 the company announced it had reached a user base of 12 million, including 700 corporate customers.

OneLogin's blog does say that customers have been told what to do in the wake of the attack and the email we've seen does "strongly advise" customers to visit support page to which we have linked.

"Am I the only 1 to find it disturbing OneLogin had a decryption method for customer data accessible enough to be grabbed via breach?" said one user on Twitter.

More news: IAS officer dies in Delhi pool, family cries foul

That long list might perhaps be why OneLogin's been a bit brief in public: it's a lot of stuff to get done and could set tongues-a-wagging if the extent of the risk became widely known. As you would expect, OneLogin does encrypt all of its sensitive data but at this time the company "cannot rule out the possibility" that the hacker also made off with the ability to decrypt data.

OneLogin is now working with independent third-party security experts and law enforcement to investigate the intrusion.

Alvaro Hoyos, OneLogin's chief information security officer, said in the blog post that the company discovered the breach yesterday, and that its investigation into what happened is ongoing.

More news: Player guide for Champions League holder Real Madrid

Customers have been advised to force a password reset for all users, generate new API keys and security certificates for their services, and create new OAuth tokens. It may be convenient to login once, since the service holds credentials to other cloud apps and sites, but why wouldn't an attacker be tempted to pull off one hack to get hold of so many credentials?

Related:

  • Trump to announce decision on climate change Thursday

    Trump to announce decision on climate change Thursday

    Tesla's founder, Elon Musk , threatened to quit White House advisory councils the president asked him to join if Trump pulls out. For the president, a withdrawal would reflect his "America First" approach to policy, unencumbered by worldwide obligations.

    Comey to testify to US Senate intelligence panel on June 8

    The committee said Mr Comey would testify in an open session at 10:00 local time (14:00 GMT), followed by a closed session. Mueller was chosen to lead the department's investigation on May 17 amid concern of political interference.

    China vows to adhere to Paris climate deal

    It commits them to cutting back on fossil fuels, developing more green technology and helping raise billions of pounds to help poorer countries cut emissions.
  • PPG throws in towel and abandons quest for AkzoNobel

    PPG throws in towel and abandons quest for AkzoNobel

    In April, Akzo put forward an alternative plan to the merger, promising to give shareholders 1.6bn euros in extra dividends. Under Dutch securities rules, PPG can not make another offer for Akzo for six months.
    Trump eyes White House overhaul, outside lawyers and PR team

    Trump eyes White House overhaul, outside lawyers and PR team

    The top Democrat on the House intelligence committee is Congressman Adam Schiff of California. The White House should thus be settling in for a long siege.

    'Something fishy' is going on with Trump's twitter account, researchers say

    - Between President Donald Trump's official and personal Twitter accounts he has tens of millions of followers. We know that Russian Federation has used fake Twitter followers in the past as a way to spread disinformation.
  • 16-year-old girl charged with fatally stabbing Uber driver

    16-year-old girl charged with fatally stabbing Uber driver

    An Uber spokesperson said that the company is working with police and providing whatever information might be helpful. Family members could be heard sobbing at times as prosecutors read out a two-page description of the murder.

    More Voters Want to See Trump Impeached

    Morning Consult also cited general incompetence as the primary reason Americans would like to see Trump impeached. Municipal resolutions alone would not force impeachment proceedings against Trump.

    Greg Gianforte Apologizes For Body Slamming Reporter After Winning Election

    Montana's major newspapers withdrew their endorsements of Mr Gianforte on Thursday. But after he was declared the victor , Gianforte apologized for the attack.
  • Syrian Kurdish fighters receive arms shipment, Pentagon says

    Syrian Kurdish fighters receive arms shipment, Pentagon says

    The SDF have now advanced to within a few miles of Raqa on several fronts, and this month captured the strategic town of Tabqa and an adjacent dam from the jihadists.

    Trump Slams Kathy Griffin Decapitation Photo as 'Sick'

    Trump's oldest son, Donald Trump Jr, called on sponsors of Griffin, including CNN , to condemn the comedian. Tweeting Wednesday morning, he said Griffin "should be ashamed of herself" for creating the video.

    British Airways to run full flight schedule

    Mr Cruz apologised "profusely" for the hardship caused to customers and insisted a similar incident would never happen again. Gatwick and Heathrow also told passengers not to travel to the airports unless they were rebooked on other flights.

Comments

Latest news

Insider Activity - Duke Realty Corporation Common (NYSE:DRE)
Quantitative Systematic Strategies Limited Liability Co invested 0.41% of its portfolio in Duke Realty Corp (NYSE:DRE). The stock of Terreno Realty Corporation (NYSE:TRNO) has "Neutral" rating given on Thursday, January 7 by Robert W.

Portland June 10 March Against Sharia Cancelled
Free speech or die in Portland . "I want to thank everyone for everything they've had to say today", she said. During the arraignment yesterday, the accused shouted, you call it terrorism, I call it patriotism.

President Trump will announce his decision on the Paris Accord Thursday
What is the Paris Agreement, anyway? China overtook the United States as the world's biggest emitter of greenhouse gases in 2007. They say the agreement would likely help create about as many jobs in renewable energy as it might cost in polluting industries.

Depth a key factor now for Ducks, Predators in West finals
I would expect a rather large welcome home turn out... game six is tomorrow night, 7pm start time at Bridgestone Arena . In between all the hits, the slashes and the post-whistle scrums, the teams found time to score a couple of goals.

Philippine airstrike kills 11 soldiers in 'friendly fire'
The minister raised the possibility of limiting airstrikes if government troops converge within cities controlled by militants. Lorenzana said the military might suspend air strikes , describing the rebels as a small force that "cannot hold that long".

Adobe Scan turns your documents, receipts & more into editable PDFs
Users can scan on a phone and upload to Document Cloud to edit on a laptop then continue working with the document on a tablet. Do you see yourself using it? Thanks to Adobe's new app , you'll never need to painstakingly scan in documents ever again.

Siri Speaker To Be Unveiled At WWDC, Apple Already Manufacturing Device Overseas
It will of course be able to control devices via Apple HomeKit and allow users to access Apple services such as Apple Music. Apple's answer to the Amazon Echo lineup and Google Home has advanced to the manufacturing stage , according to Bloomberg .

Trump Stands By 'Great' Jared Kushner Amid Tension Over Russia Probe
White House officials defended the concept of secret communications channels without commenting specifically on the Kushner case. Trump said in a tweet on Sunday, a day after he returned from his maiden overseas trip, which he described as a big success.

Washington's Bryce Harper gets suspension reduced 1 game
Strickland accepted responsibility for hitting Harper but expressed no regret. Both Harper and Strickland are appealing the decision . "I don't know.

IRL Angel Lorde Congratulates Cashier On New Job W/ Governors Ball Invite
After her visit, Lorde sent a direct message to Mangu on Twitter offering the free pass to watch her performance on 2 June. I'm crying [right now]! She was too nervous to do it in person, though (LOL!) so she invited her via Twitter messages.

Junction City holds annual ceremony at Vietnam Veterans Memorial
But that makes spaces like the memorial in Highland Park more essential he said, giving all veterans a place to gather. Memorial Day is celebrated each May to commemorate the people who died in service of the United States of America.

Uber fires autonomous car researcher involved in lawsuit
Levandowski further undermines its high-profile acquisition a year ago of his driverless-truck startup, Ottomotto LLC. Levandowski has asserted his rights under the Fifth Amendment since Waymo filed its lawsuit in February.

Climate change? Let me think about it, Trump tells G7
French President Emmanuel Macron reportedly discussed climate change with Trump at length on Thursday at a meeting in Brussels. But he also held one-on-one meetings with the leaders of Japan, the United Kingdom, Canada and Germany.

Election day ahead: Jeremy Corbyn to campaign in Scotland
Recent opinion polls across the United Kingdom have showed Theresa May's lead over Labour shrinking. Mr Corbyn was asked: "Theresa May says now is not the time for another independence referendum.

Most Active Stock: Chesapeake Energy Corporation (CHK)
Two Sigma Advisers LP bought a new position in Chesapeake Energy during the third quarter valued at approximately $4,937,000. The oil and gas exploration company reported $0.23 EPS for the quarter, beating the consensus estimate of $0.19 by $0.04.

Other news