One of the world's leading password management services has revealed details of a major data breach.
OneLogin, which offers access services to customers on a corporate level, has sent out a message to its US-based clients, warning them that its operations had seen some "unauthorised access".
In the email, the company was pretty straightforward, noting “All customers served by our US data centre are affected; customer data was compromised, including the ability to decrypt encrypted data.”
The part about being able to decrypt data is particularly worrying, as it suggests that whoever breached OneLogin had very deep access and could reach information about users, apps, and many types of keys.
Detailing the event in a blog post, the company said:
“The threat actor was able to access database tables that contain information about users, apps, and various types of keys. While we encrypt certain sensitive data at rest, at this time we cannot rule out the possibility that the threat actor also obtained the ability to decrypt data.”
If you think you've been affected, OneLogin has listed the following steps to take:
- Force a OneLogin directory password reset for your users;
- Generate new certificates for your apps that use SAML SSO;
- Generate new API credentials and OAuth tokens;
- Generate and apply new directory tokens for Active Directory Connectors and LDAP Directory Connectors;
- Update the API or OAuth credentials you use to authenticate to third-party directories like G Suite (Google), Workday, Namely, and UltiPro;
- Generate and apply new Desktop SSO tokens;
- Recycle any secrets stored in Secure Notes;
- Update the credentials you use to authenticate to third-party apps for provisioning;
- Update the admin-configured login credentials for apps that use form-based authentication;
- Have your end users update their passwords for the form-based authentication apps that they can edit, including personal apps;
- Replace your RADIUS shared secrets.