Data Breach Exposes Customer Passwords And Encrypted Data

Posted June 03, 2017

OneLogin, an identity management software company, announced yesterday that it suffered a data breach.

"Today we detected unauthorised access to OneLogin data in our USA data region".

Hackers have gained access to OneLogin, an online password manager that offers a single sign-on to multiple websites and services.

The OneLogin customer support page paints an even bleaker picture, saying, "All customers served by our USA data center are affected; customer data was compromised, including the ability to decrypt encrypted data". Staff were not aware of the breach until seven hours later, at 9am PST, and it was shut down within minutes.


The company has come under fire following its announcement, both for having a system that was vulnerable to attack, and in which the use of encryption appears to have been unable to protect the data at rest, and for having required users to pass through a OneLogin barrier in order to read the company's advice and warnings relating to the attack.

OneLogin's blog does say that customers have been told what to do in the wake of the attack, and the email we've seen does "strongly advise" customers to visit the support page to which we have linked.

"The threat actor was able to access database tables that contain information about users, apps, and various types of keys".

The steps customers are advised to take include generating new desktop single-sign-on tokens for users, forcing password resets and generating new application programming interface keys. As you would expect, OneLogin does encrypt all of its sensitive data, but at this time the company "cannot rule out the possibility" that the hacker also made off with the ability to decrypt data. "We want our customers to know that the trust they have placed in us is paramount", Hoyos wrote.


There is also no official statement yet on how many accounts were affected by the security breach.

OneLogin didn't immediately respond to questions.

For this reason, customers were advised to change their passwords, generate new API keys for their services, and create new tokens used for logging into accounts. The company is working with law enforcement and a private security firm to investigate the hack, it said in a brief blog post.
