OneLogin Security Breach

OneLogin recently suffered a major security breach. The breach compromised private and confidential information managed in its datacenter. OneLogin provides a service that organizations use to secure their data; it is essentially a password manager for corporations. It allows employees, customers, and partners to gain secure access to the company's cloud and applications from any device, and it lets customers integrate other websites and services such as Microsoft Office 365, Slack, Amazon Web Services, Cisco, Webex, LinkedIn, and Google Analytics. The OneLogin website says that it currently has over 2,000 enterprise customers across 44 different countries, including well-known companies like Indeed, Pinterest, Midas, and Yelp.

How did this breach occur?

The breach occurred because the intruders were able to gain unauthorized access to the OneLogin datacenter. Alvaro Hoyos, who leads the company's risk management, security, and compliance efforts, published a blog post about the incident and its risks. He wrote that "a threat actor used one of our AWS keys to gain access to the AWS platform via API from an intermediate host with another, smaller service provider in the United States." He said his company's staff was able to detect and stop the intrusion very quickly.
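The scenario Hoyos describes, a valid cloud API key used from a host the company did not control, is one that audit logs can surface. As an added illustration (this is not code from the post or from OneLogin), the script below scans CloudTrail-style API log records and flags any call in which a monitored access key appears from a source address outside the networks that key is expected to be used from. The log records, the key IDs (`AKIAEXAMPLEKEY000001` and `...002`) and the network ranges are all constructed for the example.

```python
"""Flag AWS API calls made with a known access key from a source address
outside the networks that key is expected to be used from.

Added example with constructed data; nothing here is OneLogin's own code or logs.
"""
import ipaddress
import json

# Constructed CloudTrail-style records. The field names follow the CloudTrail
# schema (eventTime, eventName, sourceIPAddress, userIdentity.accessKeyId);
# the key IDs, timestamps and addresses are made up for this example.
SAMPLE_EVENTS = [
    json.dumps({"eventTime": "2017-05-31T02:00:00Z", "eventName": "DescribeInstances",
                "sourceIPAddress": "10.20.0.15",
                "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEY000001"}}),
    json.dumps({"eventTime": "2017-05-31T02:03:00Z", "eventName": "ListBuckets",
                "sourceIPAddress": "198.51.100.77",
                "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEY000001"}}),
    json.dumps({"eventTime": "2017-05-31T02:04:00Z", "eventName": "GetObject",
                "sourceIPAddress": "198.51.100.77",
                "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEY000001"}}),
    json.dumps({"eventTime": "2017-05-31T02:05:00Z", "eventName": "ListBuckets",
                "sourceIPAddress": "203.0.113.9",
                "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEY000002"}}),
]

# Where each monitored key is expected to be used from (constructed example:
# the key is issued to an internal service living in 10.20.0.0/16).
TRUSTED_NETWORKS = {
    "AKIAEXAMPLEKEY000001": ["10.20.0.0/16"],
}


def find_unexpected_key_use(lines, trusted=TRUSTED_NETWORKS):
    """Return (key, source_ip, eventName, eventTime) tuples for every call in
    which a monitored key was used from outside its trusted networks.

    Keys that are not in `trusted` are not monitored and are skipped. Lines
    that are not JSON, lack the expected fields, or carry a non-IP source
    (CloudTrail uses service hostnames for some internal calls) are skipped.
    """
    nets = {k: [ipaddress.ip_network(n) for n in v] for k, v in trusted.items()}
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
            key = ev["userIdentity"]["accessKeyId"]
            src = ipaddress.ip_address(ev["sourceIPAddress"])
        except (ValueError, KeyError, TypeError):
            continue
        if key not in nets:
            continue
        if not any(src in net for net in nets[key]):
            hits.append((key, str(src), ev.get("eventName"), ev.get("eventTime")))
    return hits


def summarize(hits):
    """Group hits by (key, source IP) so each foreign host is reported once
    with the number of calls it made; this is what an alert would carry."""
    counts = {}
    for key, src, _, _ in hits:
        counts[(key, src)] = counts.get((key, src), 0) + 1
    return counts


if __name__ == "__main__":
    found = find_unexpected_key_use(SAMPLE_EVENTS)
    for (key, src), n in summarize(found).items():
        print(f"key {key} used {n} time(s) from unexpected address {src}")
```

The check is deliberately keyed on the access key ID rather than on the calling principal, because a stolen long-lived key carries the same identity as its legitimate owner; the source address is the attribute that differs. In practice the allowlist would be derived from where the key's owning workload actually runs, and a hit would feed a key-rotation step rather than only an alert.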

What was the hacker able to gain access to?

The perpetrator was able to gain access to database tables containing information about users, apps, and various types of keys. Although OneLogin encrypts sensitive data, it is unsure whether the perpetrator had the ability to decrypt that data. Encryption is the process of converting electronic data into a different form, called ciphertext, which cannot be easily understood by anyone other than the authorized parties. Decryption is the process of converting ciphertext back into plaintext, which makes the data readable again. In general, the goal of encryption is to make recovering the plaintext without the key as difficult as possible.

What measures has OneLogin taken since the attack?

OneLogin has already contacted its customers with recommendations about what actions they should take to minimize risk. The blog post by Alvaro Hoyos also states that OneLogin has already implemented improvements to strengthen its infrastructure and plans to continue strengthening its systems. OneLogin is continuing its investigation and has enlisted the help of independent third-party security experts and law enforcement.

Traditional IT professionals were already wary of running business software offsite in a cloud environment like OneLogin. Cloud providers, of course, take the opposite position and claim that they have better security infrastructure than most businesses, and that there are more security concerns when technology is run on the business's own premises. In 2015, there was a data breach at a different password management service, LastPass, and that breach also raised concerns about storing passwords in the cloud. One security expert described using a single sign-on cloud-based service as putting all of one's eggs into one basket: if a cybercriminal gains access to the basket, he or she obtains access to all of the eggs. So, from a practical perspective, the cautious course is not to rely on a single sign-on cloud-based service.

At our law firm, we assist clients with legal issues related to business, internet, technology, and cybersecurity. Please contact us to set up an initial consultation.