OneLogin hack exposed sensitive US customer data and ability to decrypt data

OneLogin, an identity management company which provides a single sign-on platform for logging into multiple apps and sites, was hacked. US customer data was potentially compromised,“including the ability to decrypt encrypted data.”

The company, which claims “over 2000+ enterprise customers in 44 countries across the globe trust OneLogin,” announced the security incident on May 31. It was short on details, primarily saying the unauthorized access it detected had been blocked and law enforcement was notified.

You wouldn’t know a breach even happened if you browsed the company’s Twitter feed, but affected customers received an email which purportedly stated, “On Wednesday, May 31, 2017, we detected unauthorized access to OneLogin data in our US operating region. At this time, OneLogin believes that all customers served by our US data center are affected and customer data was potentially compromised.”

Yet the support page referenced in the email, a page which can only be viewed by customers logging in, allegedly added, “All customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data.”

Leave a Reply

Your email address will not be published. Required fields are marked *