Hackers Had Access to OneLogin Data for More Than a Month

Just as password managers were having a good moment in the wake of the Dropbox breach revelations, OneLogin, the single sign-on company, threw cold water on it all with an admission of a compromise of its own.

The company announced that an incursion gave hackers access to cleartext notepads for a segment of its 12 million users (it didn’t specify an exact number) for at least a month. The perpetrators had access to the files from “at least” July 25 to Aug. 25, and possibly had access as early as July 2.

Secure Notes is a OneLogin feature that lets end users store free-form information. These notes are held in the system under multiple layers of AES-256 encryption. However, a bug (now patched) caused the notes to be written to OneLogin’s logging system in cleartext before they were encrypted and stored in its database.
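The bug class described above is "log first, encrypt second". The added example below (not OneLogin's code; the handler, field names, sample note and the placeholder cipher are all assumptions) shows the vulnerable ordering beside a fixed handler that redacts sensitive fields before anything reaches the log, plus a check a defender can run over captured log output to confirm no plaintext leaked.

```python
import json
import logging
from io import StringIO

# Fields whose values must never appear in logs (assumed names).
SENSITIVE_FIELDS = {"note_body", "password", "secret"}


def redact(payload: dict) -> dict:
    """Return a copy of a request payload with sensitive values masked."""
    return {k: ("<redacted>" if k in SENSITIVE_FIELDS else v)
            for k, v in payload.items()}


def placeholder_encrypt(plaintext: str) -> str:
    """Stand-in for the real AES-256 step; NOT encryption, illustration only."""
    return "enc:" + plaintext[::-1]


def store_note_vulnerable(payload: dict, log: logging.Logger) -> str:
    # Bug pattern: the raw request is logged before encryption happens,
    # so the note body lands in the log store in cleartext.
    log.info("incoming note: %s", json.dumps(payload))
    return placeholder_encrypt(payload["note_body"])


def store_note_fixed(payload: dict, log: logging.Logger) -> str:
    # Fix: only the redacted view is ever handed to the logger.
    log.info("incoming note: %s", json.dumps(redact(payload)))
    return placeholder_encrypt(payload["note_body"])


def capture_log(handler_fn, payload: dict) -> str:
    """Run one handler against an in-memory log and return what was written."""
    buf = StringIO()
    log = logging.getLogger(f"demo.{handler_fn.__name__}")
    log.handlers.clear()
    log.propagate = False
    log.setLevel(logging.INFO)
    log.addHandler(logging.StreamHandler(buf))
    handler_fn(payload, log)
    return buf.getvalue()


def leaks_secret(log_text: str, secret: str) -> bool:
    """Defender's check: does captured log output contain the plaintext?"""
    return secret in log_text


# Constructed sample request: a user saving one Secure Note.
SAMPLE = {"user_id": 42, "title": "bank", "note_body": "constructed-secret-123"}
```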

James Romer, chief security architect for Europe at SecureAuth, told us via email that the breach has, potentially, far-ranging consequences.

“[This has] the potential to severely impact not only OneLogin’s users, but also every company which has users who store passwords or personal information in the repository,” he said. “Individuals often turn to password manager services to store their multiple, and often complex, account login credentials so that they don’t get tempted to reuse the same details time and again. How ironic that the only barrier this attacker had to overcome was the simple username and password form of authentication.”

The breach occurred when a bad actor used legitimate credentials to access OneLogin’s systems (and therefore the corporate network) and then worked their way up to increasingly higher levels of information. Ross Brewer, VP and MD of EMEA at LogRhythm, said that the biggest concern is not that the company was breached, but that the breach was able to go undetected.

“Unfortunately, hackers’ tactics are becoming more and more sophisticated and breaches are almost inevitable. It only takes one hacker to get their hands on a set of unprotected log-in details dumped on the web for a company to find themselves the victim of a breach—as OneLogin has now found,” he said via email. “Businesses are wising up to the fact that hackers will get in, but they need to make sure they have the right tools in place to stop them before any damage has been done. Businesses need to shift their investments to full network monitoring and response capabilities so that they can identify breaches the moment they happen.”

Photo © wk1003mike