OneLogin Password Manager User’s Database Breached


Password Manager using the OneLogin?

If you just change your account password for all.
OneLogin, password management and word-based identity management software companies, the company suffered a data breach is confirmed.

The company on Thursday announced it was discovered access without permission of US data area: ” It is.

The company is presented in more detail about the nature of the attack, although the computer, a statement released by the company shows that breaches of information development.

What did? “All users, secure links to all devices and all applications” is a service that OneLogin goal, yet it can be said that no services have revealed potential weaknesses of the first user data.
A security officer OneLogin, Alvaro Hoyos,: “Today we have access without permission from the US to our information OneLogin said data area after a short blog discovered Wednesday night,”.

What information? It is not clear precisely what the data in remote theft, a center page access to support customers, in detail with the US have been the one data information company used to all customers by serving, there appears to have been at risk.
Stolen information “encrypted data hidden ability.” enrollment

That the OneLogin? OneLogin prevents access to capital and operating without permission from the police to investigate your information and verify the effect of the amount and work with security companies.

He Hoyos said: “Now we have access without permission, restriction, we should be the case for an incident committed to implementing access report and our law and prove the independent security work at a rate of one company the impact. ”

“We continue to improve in the future to determine how to work actively to prevent similar incidents are.”

Now, what to do? First, the connection with OneLogin changes the password for all accounts.

Also Read: US Security Contractors Left Confidential Files On Amazon Servers Without Password

Protect yourself and take less risk of company information to customers, including a comprehensive list of actions:

  • Be all customers need to reset the password.
  • Application and Web security credentials new, OAuth sign, produced the document.
  • A crowded secret that OneLogin logs kept.

For, OneLogin customers of other questions can contact the company [email protected].

You phishing email, cybercriminals usually the next step should have special attention after the breach. Fishing a password or bank account information carefully designed to give the user deceived.
The company had a year in which the second information breach. In August 2016, for a OneLogin to the Company, has been violated to prevent use without permission of the independent system lost access to different information, “Collection and analysis of the log.”

‘Strong password’

Edinburgh Napier University Professor Bill Buchanan used the BBC to “understand the companies’ oral system, the risks to understand if the base is needed.”

“They are not to see that more sensitive information is encrypted before this cloud system, and its encryption key is distributed in a notorious agent.

He said: “It is a robust encrypted data to encrypt the key used to decrypts a simple password, but almost impossible”.

It was likely to compromise IT security advisor Bin Schlabs said the BBC included data using “hashing” secured from a password – information exchange letters or fixed length data for strings.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.