
June 4, 2017

Major identity manager breach exposes sensitive user info

by John_A

Identity and password management services are, in theory, supposed to improve your security by promoting tough-to-guess passwords and otherwise keeping logins under lock and key. However, the concentration of high-value data also makes them a juicy target for hackers — and OneLogin is finding that out the hard way. The business-centric identity management provider has warned users of a US server breach that compromised sensitive info. While OneLogin initially provided only a handful of details in a blog post, Motherboard learned that an email warned customers their info had been taken. Moreover, the attackers compromised the “ability to decrypt” data — don’t count on your login being safe just because there was encryption involved.

The email recommends aggressive steps to protect accounts, including generating new keys, tokens and security certificates. Naturally, OneLogin also wants individual users to change their passwords. None of these are small feats if you’re a customer — effectively, you’re rebooting your entire sign-in infrastructure.

This doesn’t necessarily mean that you should stop using identity and login management services, or that every service will face a similar fate if there’s a hack. OneLogin notably keeps the decryption keys on its systems, while services like LastPass don’t. You may be hosed if you forget your master login for a site like LastPass, but you won’t have to worry so much if there’s a breach. Regardless of what you use, the incident is a reminder that you’re striking a balance: you’re trusting someone else with your data in return for greater convenience.

Via: Motherboard, Krebs on Security

Source: OneLogin Blog
