Data breach hits OneLogin

Password management login service, OneLogin, faces losing encrypted information because of a data breach.

The single sign-on service that allows access to multiple apps and sites with one password showed that every company was under attack.

All customers affected have been asked to visit a registration only support page, which outlines steps to prevent leaked data: forcing all users to reset a password, generating certificates and new security credentials for apps and sites and recycling secrets stores in OneLogin’s secure notes.

Popular sites such as Amazon Web Services, Slack, Microsoft Office 365, Cisco Webex, LinkedIn and Google Analytics have been integrated into the service.

“We have since blocked this unauthorised access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorised access happened,” said Chief Information Security Officer, Alvaro Hoyos.

“We are actively working to determine how best to prevent such an incident from occurring in the future,” he added.

The company had 12 million licensed users and 700 business customers in 2013.

Written from source by Leah Alger
Source: BBC