
Sensitive User Data Exposed in OneLogin Breach

Identity management firm OneLogin informed customers on Tuesday that some of the information they stored on the company’s servers may have been accessed by hackers.

The breach is related to Secure Notes, a feature that allows users to store sensitive information such as passwords and license keys. While these notes are protected using multiple levels of AES-256 encryption, a bug caused the data to be visible in clear text in OneLogin’s log management system before it was encrypted and stored in the database.

According to the company, hackers gained access to the system used for log storage and analytics and may have viewed the logs containing the secure notes after stealing an employee’s password.

OneLogin, which has over 1,400 enterprise customers in 44 countries around the world, says there is no evidence that other systems have been compromised. Nevertheless, the company has hired a security firm to assist its investigation into this incident.

The investigation so far revealed that the attacker had access to the log management system between July 2 and August 25. Notes updated in this timeframe are believed to be at risk, but the company says only a small subset of its customers are impacted.

The flaw causing notes to be logged in clear text has been addressed and access to the logging system has been limited to certain IP addresses and SAML-based authentication. In addition, passwords have been reset for all systems that don’t support SAML or other form-based authentication.
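As an added illustration (not OneLogin's code; the encryption step is a constructed stand-in), this shows the shape of the defect described above, a handler that logs the whole request before the note is encrypted, beside the remediated shape, which encrypts first and logs only metadata, plus the check a defender would run over exported log lines to confirm no plaintext reached the log store:

```python
import hashlib
import io
import logging


def encrypt_note(key: bytes, plaintext: str) -> str:
    """Constructed stand-in for the AES-256 step: returns an opaque token so the
    example runs offline. Not real encryption; the point is what gets logged."""
    return "enc:" + hashlib.sha256(key + plaintext.encode()).hexdigest()[:32]


def _capture_logger(name: str):
    """Logger writing to an in-memory buffer that plays the role of the
    log management system an attacker could read."""
    buf = io.StringIO()
    log = logging.getLogger(name)
    log.handlers.clear()
    log.setLevel(logging.DEBUG)
    log.addHandler(logging.StreamHandler(buf))
    log.propagate = False
    return log, buf


def save_note_vulnerable(key: bytes, request: dict) -> tuple[str, str]:
    """The defect: the request, note body included, is logged before encryption."""
    log, buf = _capture_logger("vuln")
    log.debug("secure_notes.update request=%r", request)  # plaintext lands in logs
    ciphertext = encrypt_note(key, request["body"])
    return ciphertext, buf.getvalue()


def save_note_hardened(key: bytes, request: dict) -> tuple[str, str]:
    """The fix: encrypt first and log only non-sensitive metadata."""
    log, buf = _capture_logger("hard")
    ciphertext = encrypt_note(key, request["body"])
    log.debug("secure_notes.update user=%s note_id=%s body_len=%d",
              request["user"], request["note_id"], len(request["body"]))
    return ciphertext, buf.getvalue()


def log_leaks_secret(log_text: str, secret: str) -> bool:
    """Post-incident check: does the captured log text contain the plaintext note?"""
    return secret in log_text
```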

OneLogin started notifying impacted customers on August 29, after the initial scope of the incident was established. The company has promised to keep them updated on the investigation.

Besides this infrastructure incident, flaws have also been found recently in OneLogin products. In June, a researcher revealed that hackers could have breached Uber’s WordPress-powered websites due to a serious vulnerability in OneLogin SAML SSO, a plugin that provides single sign-on via SAML. The weakness allowed attackers to bypass authentication and gain access to user accounts if they could guess the associated role names.


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
