OneLogin, Inc. recently announced a security incident involving a malicious actor who had obtained access to their US operating region.
OneLogin, Inc. is the developer of the service OneLogin, which provides single sign-on and identity management for cloud-based applications. According to their blog post, “a threat actor obtained access to a set of AWS keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US.”
The attack started on May 31, 2017, around 2 AM PST. At around 9 AM PST, a OneLogin staff detected the activity and shut down the affected instance as well as the AWS keys used.
As for the damage, OneLogin says that the threat actor was able to access database tables that contain information about users, apps, and various types of keys. These are encrypted information although the company says that there’s a possibility that the threat actor also obtained the ability to decrypt data.
That being said, OneLogin has already notified its customers and recommended actions. The company is also working with independent third-party security experts, as well as law enforcement with the ongoing investigation.
OneLogin, Inc. has 2000 enterprise customers in 44 countries, including AAA, Citizen, Conde Nast, Herman Miller, Yelp, Zendesk, Dell Services, Susan G. Komen, Pandora, Steelcase and Pinterest.
source: OneLogin
