Password manager OneLogin suffers data breach

Password manager OneLogin suffers data breach [Image: matejmo via iStock]

Password manager OneLogin has suffered a data breach, which has affected all users of its US data centre, it has been reported.

Admitting the breach in a blog posted on its website, the company’s chief information security officer Alvaro Hoyos called it a “security incident”.

He said: “Our review has shown that a threat actor obtained access to a set of Amazon Web Service (AWS) keys and used them to access the AWS application program interface (API) from an intermediate host with another, smaller service provider in the US.”

OneLogin found the attack had happened on May 31st. Mr Hoyos explained that the hacker was able to create several instances in its infrastructure “to do reconnaissance”. He said that when it was alerted to unusual database activity, OneLogin shut down the affected instance as well as the AWS keys that were used to create it within minutes.

The company has encouraged affected users to visit a registration-only support page, which outlines the steps they should take now.

According to Mr Hoyos, the hacker was able “to access database tables that contain information about users, apps, and various types of keys”. It added that although the company does encrypt certain sensitive data at rest, it is unable to “rule out the possibility that the threat actor also obtained the ability to decrypt data”, which could cause real problems for those affected.

OneLogin allows users to sign in and access multiple apps and websites – including AWS, Microsoft Office 365, Slack, Cisco Webex, Google Analytics and LinkedIn – with a single password.

BBC News reported that in 2013, the company had more than 700 business customers.

Mr Hoyos said the company’s investigation is ongoing, adding that it is being aided by independent third-party security experts, as well as law enforcement.