OneLogin Has Been Breached, Cleartext Passwords Exposed

The cloud-based password manager OneLogin was hacked by criminals. Account credentials stored on its servers were exposed to the attackers, who were able to read them in clear text. About 12 million customers use the service, and their data was compromised.

OneLogin Has Suffered a Really Bad Hit

OneLogin is an enterprise single sign-on (SSO) and cloud-based identity and access management solution that is trusted by some of the most popular companies worldwide. The service offers advanced features such as multi-factor authentication, virtual LDAP services, app catalogs and more. Customers of OneLogin include Awana, Yammer, Disys, Steelcase and other major companies in their respective fields.

The cloud password management service has been breached by criminals. Its security staff discovered the issue in the Secure Notes facility. The intruders were able to read in clear text all stored credentials that were edited between June 2 and August 25 this year. Secure Notes has been used to hold sensitive information such as license keys and passwords for firewalls and other equipment. Security experts worry that the compromised accounts could be used for sophisticated network attacks against the victims.

The incident was caused by a bug that made user notes visible in the log files before they were encrypted with the AES-256 cipher. The company has issued a statement warning users that notes updated between June 2 and June 24 are also at risk.
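The failure mode described above, plaintext reaching a log before encryption at rest is applied, can be reproduced and guarded against at the logging layer. The following Python code is an added example, not OneLogin's code; the field names, the `update_note` handler and the canary value are assumptions constructed for illustration.

```python
import io
import logging

# Assumed names of request fields that must never reach a log file.
SENSITIVE_KEYS = {"note_body", "password", "license_key"}

def scrub(value):
    """Recursively replace the values of sensitive keys in dicts and lists."""
    if isinstance(value, dict):
        return {k: "[REDACTED]" if k in SENSITIVE_KEYS else scrub(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub(v) for v in value]
    return value

class RedactingFilter(logging.Filter):
    """Scrub structured log arguments before the handler formats them."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = scrub(record.args)
        elif isinstance(record.args, tuple):
            record.args = tuple(scrub(a) for a in record.args)
        return True

def make_logger(name, redact):
    """Return (logger, buffer); the buffer stands in for the log file."""
    buf = io.StringIO()
    logger = logging.getLogger(name)
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.handlers.clear()
    handler = logging.StreamHandler(buf)
    if redact:
        handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    return logger, buf

def update_note(logger, params):
    """Hypothetical request handler: logs the request, then would encrypt and store."""
    logger.info("update_note params=%s", params)
    # Encryption at rest happens after this point and does not protect the log line.

def log_output(redact):
    """Run one constructed request and return what ended up in the log."""
    logger, buf = make_logger("notes_redacted" if redact else "notes_plain", redact)
    update_note(logger, {"user_id": 42, "note_body": "CANARY-fw-admin-pw"})
    return buf.getvalue()
```

Planting a canary value in a sensitive field and asserting that it never appears in the captured log output turns this class of bug into a regression test.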

OneLogin is now working with a security company to ensure that their services remain secure. They have restricted access to the affected log management system and have reset all internal system passwords that do not abide by the security policy.

The cloud service has sent an email to all of their users to inform them of the inflicted damage.


Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

