OneLogin Hack – Encrypted Data Compromised

Use Netsparker


The OneLogin hack is blowing up now it seems like whoever got access can also decrypt encrypted customer data which is just about AS BAD as it can get for a password/identity management service.

OneLogin Hack - Encrypted Data Compromised

Now I’m a HUGE supporter of password management tools as I’ve mentioned many times here, so anyone who signed up for this one – sorry.. I recently switched to Dashlane, which seems great – and now I’m recommending that so I hope it’s as safe as they claim.

Identity management outfit OneLogin has revealed it’s suffered a security incident that’s seen “unauthorized access to OneLogin data in our US data region”, but has offered rather scarier information in different documents.

The company blog describes only “unauthorized access”. In emails sent to customers seen by The Reg the company adds news that “customer data was potentially compromised.” And on a registration-required support page the threat is described as follows:

“All customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data.”
Decrypt data? Woah! That’s a bit more than mere unauthorized access.

OneLogin’s blog does say that customers have been told what to do in the wake of the attack and the email we’ve seen does “strongly advise” customers to visit support page to which we have linked.


So a service got hacked? No big deal right? Some user data got leaked though, oh well that’s not that common. Sadly that’s not where it ends, OneLogin has said the attackers have the ability to decrypt encrypted data.

WHAT? How does that even happen, does that mean the keys were right there on the server with the data? that’s just insanity.

The company says it is “working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident.” In the email to customers it adds that it can’t reveal all, due to the involvement of law enforcement agencies. The blog says the company is “actively working to determine how best to prevent such an incident from occurring in the future and will update our customers as these improvements are implemented.”

OneLogin offers a single sign-on and other authentication management services it says gives “employees, customers and partners with secure access to your cloud and company apps on any device.”

It’s not the only such outfit: The Register in no way suggests that the likes of Okta, VMware and Citrix have been attacked, but notes all offer single-sign-on across lots of cloudy apps and are therefore obviously a tasty target for criminals who want to get their hands on lots of credentials with one hit.

So this company claiming to provide secure access has been totally owned, doesn’t give you much confidence does it?

They are also hiding behind claims of law enforcement involvement to avoid sharing more details about the breach. We shall have to see if anything comes out in the future (which from past experience is highly unlikely).

Source: The Register

Posted in: Cryptography, Exploits/Vulnerabilities, Privacy, Web Hacking

, ,


Latest Posts:


Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Four Year Old libSSH Bug Leaves Servers Wide Open Four Year Old libssh Bug Leaves Servers Wide Open
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn't that big as neither OpenSSH or the GitHub implementation are affected.
CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.


2 Responses to OneLogin Hack – Encrypted Data Compromised

  1. Ashok June 8, 2017 at 10:31 pm #

    Did you say Dashlane in place of OneLogin in 2nd paragraph in this sentence? Sadly that’s not where it ends, Dashlane has said the attackers have the ability to decrypt encrypted data.

    • Darknet June 9, 2017 at 1:32 pm #

      Yes, you’re right, apologies if that was confusing I’ve corrected it.