So... I don't use OneLogin, as far as I'm aware. I never even heard of it before this. But maybe some sites I use use it?
Is there a list of affected sites I need to check?
That's a good question. OneLogin is an SSO provider that bridges the logins between multiple sites- usually businesses and such. Like, I know my company uses it to bridge between a lot of different disparate services, so we don't have to continue to login. But I don't know what SSO provider they use.
For personal use not in a corporate environment, I don't know of anything that I use that uses SSO. But it's hard to tell, for example my bank interfaces with turbotax and quicken and another bank. I presume that's done through SSO, as I had to set up the link. But what do they use? Beats the hell out of me.