
OneLogin hit by major data breach

(Image credit: Balefire / Shutterstock)

One of the world's leading password management services has revealed details of a major data breach.

OneLogin, which offers access services to customers at a corporate level, has sent a message to its US-based clients warning them that its operations had seen some "unauthorised access".

In the email, the company was pretty straightforward, noting “All customers served by our US data centre are affected; customer data was compromised, including the ability to decrypt encrypted data.”

The part about being able to decrypt data is particularly worrying, as it suggests that whoever breached OneLogin had very deep access and may be able to read information about users, apps, and many types of keys.

Detailing the event in a blog post, the company said:

“The threat actor was able to access database tables that contain information about users, apps, and various types of keys. While we encrypt certain sensitive data at rest, at this time we cannot rule out the possibility that the threat actor also obtained the ability to decrypt data.”

If you think you've been affected, OneLogin has listed the following steps to take.

  • Force a OneLogin directory password reset for your users;
  • Generate new certificates for your apps that use SAML SSO;
  • Generate new API credentials and OAuth tokens;
  • Generate and apply new directory tokens for Active Directory Connectors and LDAP Directory Connectors;
  • Update the API or OAuth credentials you use to authenticate to third-party directories like G Suite (Google), Workday, Namely, and UltiPro;
  • Generate and apply new Desktop SSO tokens;
  • Recycle any secrets stored in Secure Notes;
  • Update the credentials you use to authenticate to 3rd party apps for provisioning;
  • Update the admin-configured login credentials for apps that use form-based authentication;
  • Have your end-users update their passwords for the form-based authentication apps that they can edit, including personal apps;
  • Replace your RADIUS shared secrets.


Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focused news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.