Connect with us

Hi, what are you looking for?


Data Protection

Sensitive User Data Exposed in OneLogin Breach

Identity management firm OneLogin informed customers on Tuesday that some of the information they stored on the company’s servers may have been accessed by hackers.

Identity management firm OneLogin informed customers on Tuesday that some of the information they stored on the company’s servers may have been accessed by hackers.

The breach is related to Secure Notes, a feature that allows users to store sensitive information such as passwords and license keys. While these notes are protected using multiple levels of AES-256 encryption, a bug caused the data to be visible in clear text in OneLogin’s log management system before it was encrypted and stored in the database.

According to the company, hackers gained access to the system used for log storage and analytics and may have viewed the logs containing the secure notes after stealing an employee’s password.

OneLogin, which has over 1,400 enterprise customers in 44 countries around the world, says there is no evidence that other systems have been compromised. Nevertheless, the company has hired a security firm to assist its investigation into this incident.

The investigation so far revealed that the attacker had access to the log management system between July 2 and August 25. Notes updated in this timeframe are believed to be at risk, but the company says only a small subset of its customers are impacted.

The flaw causing notes to be logged in clear text has been addressed and access to the logging system has been limited to certain IP addresses and SAML-based authentication. In addition, passwords have been reset for all systems that don’t support SAML or other form-based authentication.

OneLogin started notifying impacted customers on August 29, after the initial scope of the incident was established. The company has promised to keep them updated on the investigation.

Advertisement. Scroll to continue reading.

In addition to its infrastructure, flaws have also been found recently in OneLogin products. In June, a researcher revealed that hackers could have breached Uber’s WordPress-powered websites due to a serious vulnerability in OneLogin SAML SSO, a plugin that provides single sign-on via SAML. The weakness allowed attackers to bypass authentication and gain access to user accounts if they could guess the associated role names.

Related: 68 Million Exposed in Old Dropbox Hack

Related: User Data Possibly Stolen in Opera Sync Breach

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...