PSA: OneLogin Breached.

wraith808:
Single sign-on provider OneLogin has experienced a breach. If you or your company uses OneLogin to sign in to applications, or if you use any of their other services, you need to be aware of this and may need to take several actions immediately.

In the past 24 hours, OneLogin sent out the following notice about a security incident:

“On Wednesday, May 31, 2017, we detected that there was unauthorized access to OneLogin data in our US data region. All customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data. We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to assess how the unauthorized access happened and to verify the extent of the impact. We want our customers to know that the trust they have placed in us is paramount, and we have therefore created a set of required actions.”

--- End quote ---

(More at link on Wordfence)

Stoic Joker:
O_o ...Why would they even have the ability to decrypt someone's data on the server side in the first place ... Isn't that supposed to be a no-no?

wraith808:
O_o ...Why would they even have the ability to decrypt someone's data on the server side in the first place ... Isn't that supposed to be a no-no?
-Stoic Joker (June 02, 2017, 06:44 AM)
--- End quote ---

It seems like it would be, especially for an SSO service.  I'm sure if queried, they would have some sort of BS answer.

Deozaan:
So... I don't use OneLogin, as far as I'm aware. I never even heard of it before this. But maybe some sites I use use it?

Is there a list of affected sites I need to check?

wraith808:
So... I don't use OneLogin, as far as I'm aware. I never even heard of it before this. But maybe some sites I use use it?

Is there a list of affected sites I need to check?
-Deozaan (June 02, 2017, 02:21 PM)
--- End quote ---

That's a good question.  OneLogin is an SSO provider that bridges the logins between multiple sites, usually businesses and such.  Like, I know my company uses it to bridge between a lot of different disparate services, so we don't have to continue to log in.  But I don't know what SSO provider they use.

For personal use not in a corporate environment, I don't know of anything that I use that uses SSO.  But it's hard to tell; for example, my bank interfaces with TurboTax and Quicken and another bank.  I presume that's done through SSO, as I had to set up the link.  But what do they use?  Beats the hell out of me.
