OneLogin Reports Breach and “Unauthorized Access” to Data
IDaaS provider OneLogin has reported a security incident resulting in “unauthorized access” to OneLogin data in the US Data Region, according to a blog post published by OneLogin CISO Alvaro Hoyos yesterday.
The company’s statement offered few details on the breach, saying only that the company has since blocked this unauthorized access, reported the matter to law enforcement, and is working with an independent security firm to investigate the breach. However, the company also mentions that it has reached out to impacted customers with specific recommended remediation steps.
In those emails, and on a related support page (password-protected, but visible here), the company gave more details about the breach and revealed that “all customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data.” … That’s kind of a big deal.
The company’s support page offers a long list of actions for customers to take in order to secure their accounts, including:
— D🍩M (@nerdybeard) June 1, 2017
We will be following any updates on this breach closely, so stay tuned.