BoraMurdar

Community Manager
Verified
Staff member
Access manager service OneLogin has announced that it has suffered a massive data breach that affects all users of whose data was stored on the US servers, making for a rather nasty situation.

"Our review has shown that a threat actor obtained access to a set of AWS keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US," the announcement reads. It seems the attack started on May 31, 2017 around 2AM PST and was shut down around 9AM PST when the company's staff was alerted of unusual database activity. It only took them a few minutes to shut down the affected instance, as well as the keys that were used to create it.

OneLogin states that the attacker was able to access database tables that contain info about users, apps, and various types of keys.

The worst part is, however, that while this data was supposed to be encrypted, the company can't guarantee that the attacker didn't also obtain the ability to decrypt data.

"We are thus erring on the side of caution and recommending actions our customers should take, which we have already communicated to our customers," the company writes in a blog post.

Ongoing investigation
The company is currenly working with third-party security experts and law enforcement to figure out who's behind the attack and the type of information that was stolen in order to properly assess the risks this breach has brought to customers.

The email users received from OneLogin is a lot shorter and with fewer details, but the message is clear. "All customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data."

This is a particularly serious situation for all the company's customers and it's advisable for everyone to go through the company's step-by-step on how to secure their data.