Friday, June 02, 2017

OneLogin Password Manager Breach Enabled by Stolen AWS Cloud Keys

By: Sean Michael Kerner | June 02, 2017

NEW ANALYSIS: Online password manager service suffers a data breach after an attacker is able to get access to the company's cloud services.

Online password manager service OneLogin reported on May 31 that it was the victim of a data breach that exposed its users and their data to risk.

Initially, the company provided few details beyond disclosing that there had been unauthorized access to OneLogin customer data. Late on June 1, the company provided more details, revealing that attackers had infiltrated OneLogin's cloud backend and had unfettered access for seven hours prior to being detected.


"OneLogin staff was alerted of unusual database activity around 9 am PST and within minutes shut down the affected instance as well as the AWS keys that were used to create it," Alvaro Hoyos, Chief Information Security Officer at OneLogin, wrote in a blog post. "The threat actor was able to access database tables that contain information about users, apps, and various types of keys."

Hoyos added that the attacker may also have obtained the information needed to decrypt user data.

