In an official blog post, single sign-on provider and password manager OneLogin has disclosed that hackers have gained access to its database and have stolen sensitive customer data. According to The Star, although OneLogin didn’t specify the data accessed in the breach, the company did inform its customers that the hackers have found a way to access encrypted data, including passwords.
“OneLogin believes that all customers served by our US data center are affected and customer data was potentially compromised”, the email read.
Later in the day, the company said in an update: “Our review has shown that a threat actor obtained access to a set of [Amazon Web Services, or AWS] keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US.”
The company said that the attack appears to have started at 2am (PT), but staff were alerted of unusual database activity some seven hours later, who “within minutes, shut down the affected instance as well as the AWS keys that were used to create it”. It further said that even though OneLogin encrypts “certain sensitive data at rest,” it could not rule out the possibility that the hacker “also obtained the ability to decrypt data”.
OneLogin, which also provides single sign-on services, integrates hundreds of different third-party apps and services, such as Amazon Web Services, Microsoft’s Office 365, LinkedIn, Slack, Twitter, and Google services.
Back in 2015, password manager LastPass also got compromised, although the hackers could not gain access to actual passwords.