OneLogin, the SSO and password manager company, breached by hackers!
In a brief post on their blog, the company's chief security officer, Alvaro Hoyos, said he had "detected unauthorized access to OneLogin data on US servers."
The blog post contains no further information or technical details about the incident, and does not say whether the hackers have intercepted sensitive customer data; that is mentioned only in the email the company sent to its customers, according to ZDNet.
"OneLogin believes that all customers served by the US data center are affected and customer data may have been leaked," the email said.
Hackers are not able to decrypt the encrypted data, says a company support page that only OneLogin customers have access to (a copy of the post is available on Pastebin).
The company advises its customers to change their passwords, generate new API keys for their services, and create new OAuth tokens that they use to connect to their accounts. It also states that they will have to create new security certificates. The company also said that information stored in the Secure Notes feature, used by IT administrators to store sensitive network passwords, can be decrypted.
Of course, questions remain about how hackers managed to gain access to such sensitive data, and why it can be decrypted.
OneLogin allows enterprise users to access multiple web applications, websites and services with a single password. It is believed that the company has millions of users and serves more than 2,000 companies in dozens of countries, according to CrunchBase.
The company provides seamless connectivity to hundreds of different third-party applications and services, including Amazon Web Services, Microsoft Office 365, LinkedIn, Slack, Twitter, and Google services.