Password manager OneLogin suffers major hack

The perpetrators may have the ability to decrypt its encrypted data The sorry state of many people’s passwords can make things easy for ha...

The perpetrators may have the ability to decrypt its encrypted data

The sorry state of many people’s passwords can make things easy for hackers, which is why using a password manager is always recommended. But even these aren’t without their vulnerabilities. A problem was discovered with LastPass’ browser extension in March, and now OneLogin has suffered a major data breach.

In a blog post published Tuesday, the single sign-on service wrote that it had detected unauthorized access to OneLogin data in its US data region. The company added it had since blocked the access, and had reached out to impacted customers, though it hasn’t revealed how many were affected.

In a later update, OneLogin revealed that the hacker “obtained access to a set of AWS (Amazon Web Services) keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US.”

What's most worrying is that while the company says it encrypts “certain data at rest,” it could not rule out the possibility that the hacker also obtained the ability to decrypt the data.

OneLogin’s website states that over 2000 global enterprise customers secure their applications with its software, including Conde Nast, ARM, The Carlyle Group, and Pinterest. It also integrates with apps and services such as Amazon Web Services, Office 365, LinkedIn, Slack, Twitter, and Google.

Customers have been advised to force a password reset for all users, generate new API keys and security certificates for their services, and create new OAuth tokens. Some users have complained about having to log in to the site to see the security article, and that OneLogin should make it publicly available.


http://www.techspot.com/news/69549-password-manager-onelogin-suffers-major-hack.html
Name

English News techspot.com
false
ltr
item
Techno - Gampong IT - Reference Information Technology: Password manager OneLogin suffers major hack
Password manager OneLogin suffers major hack
http://www.techspot.com/images2/news/bigimage/2016/11/2016-11-07-image-4.jpg
Techno - Gampong IT - Reference Information Technology
http://techno.gampongit.com/2017/06/password-manager-onelogin-suffers-major.html
http://techno.gampongit.com/
http://techno.gampongit.com/
http://techno.gampongit.com/2017/06/password-manager-onelogin-suffers-major.html
true
7281475864779722461
UTF-8
Tidak ditemukan artikel apapun LIHAT SEMUA Selengkapnya Balas Batal Balas Hapus Oleh Beranda HALAMAN ARTIKEL Lihat Semua REKOMENDASI LABEL ARSIP SEARCH SEMUA ARTIKEL Tidak ditemukan posting yang sesuai dengan permintaan Anda Halaman Utama Minggu Senin Selesa Rabu Kamis Jumat Sabtu Min Sen Sel Rab Kam Jum Sab Januari Februari Maret April Mei Juni Juli Agustus September Oktober November Desember Jan Feb Mar Apr Mei Jun Jul Agu Sep Okt Nov Des baru saja 1 menit lalu $$1$$ minutes ago 1 jam lalu $$1$$ hours ago Kemarin $$1$$ days ago $$1$$ weeks ago lebih dari 5 minggu yang lalu Pengikut Ikuti KONTEN PREMIUM Silakan share untuk membuka Salin Semua Code Pilih Semua Code Semua kode disalin ke clipboard Anda Tidak dapat menyalin kode/teks, silakan tekan [CTRL] + [C] (atau CMD + C dengan Mac) untuk menyalin