Sometimes it feels as though nothing is safe from the prying eyes (and digital crowbars) of dedicated hackers. Single sign-on provider OneLogin has found this out the hard way, as its systems were breached this week, potentially exposing customer data.
"We detected unauthorized access to OneLogin data in our US data region," OneLogin disclosed in a blog posting this week. "We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident."
This initial notice was frustratingly lacking in detail, and customers were left to assume the worst with regard to the severity of the attack. However, OneLogin has since updated its blog posting with more details, including the unfortunate news that hackers were able to gain access to the company's AWS keys.
The hackers were then able to use those keys to "access the AWS API from an intermediate host with another, smaller service provider in the US." The company reports that the intrusion began at 2 AM on May 31st, but it wasn't until seven hours later that OneLogin staff detected anomalies and were able to cut off access. That is a rather lengthy period of time for the "threat actors" to have access to the company's database tables.
OneLogin also provided this rather dour warning:
"While we encrypt certain sensitive data at rest, at this time we cannot rule out the possibility that the threat actor also obtained the ability to decrypt data. We are thus erring on the side of caution and recommending actions our customers should take, which we have already communicated to our customers."
Those actions of course include resetting passwords, generating new API keys and creating new security certificates.
It is reported that OneLogin provides services to over 2,000 companies (including Yelp, Midas, Pinterest, Pacific Life, The Carlyle Group, Conde Nast, and Pandora) and has millions of individual users. OneLogin allows users to integrate with services like Amazon Web Services, Office 365 and the Google ecosystem.