OneLogin Hacked

The popular provider of single sign-on solutions, OneLogin, suffered a hacker attack. Then it was reported that unknown intruders managed to get unauthorized access to data on the American region.
Representatives of the company explained that the burglars somehow managed to get keys to AWS, which they used to access the AWS API. After that, the attackers became available database tables, which contained information about the users of the application, as well as “various types of keys.” It was reported that data from OneLogin customers could be compromised, even encrypted.
Now the head of information security Alvaro Hoyos (Alvaro Hoyos) told reporters ZDNet new details of what happened. According to Hoyos, the investigation of the incident has not yet been completed, and forensic experts have not yet been able to establish how the intruders infiltrated the OneLogin network, since AWS keys were only “part of the puzzle.”
Also, the head of the OneLogin IB confirmed that as a result of the attack thousands of users could be affected, that is, all those serviced by the attacked data center. In addition, the company continues to believe that the attackers could compromise various keys and private data, including passwords. Hoyos explained that the company encrypted passwords and Secure Notes content, but other information, such as user names and email addresses, was not protected at all.

Leave a Reply

Your email address will not be published.