OneLogin Reports Breach and “Unauthorized Access” to Data

IDaaS provider OneLogin has reported a security incident resulting in “unauthorized access” to OneLogin data in the US Data Region, according to a blog post published by  OneLogin CISO Alvaro Hoyos yesterday.

The company’s statement offered few details on the breach, only that the company has since blocked this unauthorized access, reported the matter to law enforcement, and are working to investigate the breach with another independent security firm. However, the company also mentions that it has reached out to impacted customers with specific recommended remediation steps.

In those emails, and related support-page (password-protected, but visible here), the company gave more details about the breach, and revealed that “all customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data.” … That’s kind of a big deal.

The companies support page offers a long list  of actions to take in order to secure their accounts, including:

We will be following any updates on this breach closely, so stay tuned.

Follow Jeff

Jeff Edwards

Editor, Cybersecurity at Solutions Review
Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large.He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.
Jeff Edwards
Follow Jeff

One thought on “OneLogin Reports Breach and “Unauthorized Access” to Data”

Comments are closed.