OneLogin has suffered a serious security breach, with hackers possibly also acquiring the ability to unlock encrypted files that they were able to steal.
The password manager and single sign-on provider has now urged users to change their passwords, while the extent of the damage caused by the hack remains unclear.
OneLogin Hacked, User Data Compromised
In an official blog post, OneLogin chief information security officer Alvaro Hoyos detailed the security breach suffered by the company.
Hoyos, who said that the company's review about the incident is still ongoing, said that a hacker launched an attack on OneLogin on May 31, at 2:00 a.m. PST. OneLogin was not alerted to the unusual database activity generated by the attacker until around 9:00 a.m. PST, but the breach was shut down within minutes afterward.
According to Hoyos, the hacker was able to infiltrate database tables that contained information such as users, apps, and key types.
The initial statement released by OneLogin did not provide much detail regarding the incident, but an email sent to customers warned that customer data was potentially compromised by the attack.
There is also no official statement yet on how many accounts were affected by the security breach.
OneLogin Encryption Bypassed?
Making the attack against OneLogin more dangerous and potentially much more damaging is Hoyos's statement that while the company applies encryption to sensitive data, there remains the possibility that the hacker was able to obtain the ability to decrypt the stolen data.
A spokesperson for OneLogin did not confirm what kind of data received encryption and what kind did not. However, the incident had already raised questions on why a decryption method for OneLogin's encrypted data was stored in a location that would have exposed it in case of a security breach.
Due to the possibility of even encrypted data being compromised, OneLogin has urged customers and corporate clients to change passwords, create new API keys and security certificates, and generate new Oath tokens, which are used to log in to accounts.
Password Managers: Prime Targets For Hackers
Password managers such as OneLogin have grown in popularity as they allow users to just remember one password for all their online accounts. Password managers function as a master key while storing all the passwords for different accounts in an app or browser extension.
In addition to being a password manager, OneLogin enables corporate users to use one password to access several websites, online services, and applications. Hundreds of third-party apps and services, including Microsoft's Office 365, Amazon Web Services, Twitter, LinkedIn, Slack, and certain Google services could be integrated into OneLogin. It is believed that there are millions of OneLogin users, with more than 2,000 corporate customers spread across dozens of countries.
These characteristics make password managers prime targets for hackers, as they can compromise sensitive user information not just for one website, but for multiple online accounts and services. This means that companies in the industry should have topnotch security, but the fact that it took OneLogin seven hours to shut down the breach, with the possibility of hackers stealing decryption methods, does not exactly inspire confidence in its cybersecurity measures.