Popular password manager suffers major security breach – have you been hacked?


Hackers have breached the security of popular password manager OneLogin.

OneLogin confirmed the hack in a post on its blog but didn’t specify exactly what data had been compromised during the breach.

However, reports say that OneLogin contacted all customers to inform them that hackers accessed encrypted data, which hints that user passwords and other sensitive data has been stolen.

Like other password managers, OneLogin securely stores passwords to multiple online accounts and enables users to login to the accounts with a single click.

Instead of having to remember a complicated password for each online account, users only have to remember a master password for the password manager.

The password manager then lets users access the online accounts as needed.

The fear now is that by obtaining the encrypted data, hackers have access to all the passwords for user’s various online accounts, such as social media pages, email and online banking.

“We have since blocked this unauthorised access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorised access happened’, Chief Information Security Officer, Alvaro Hoyos said in a blog post.

“We want our customers to know that the trust they have placed in us is paramount’, he added.

“While our investigation is still ongoing, we have already reached out to impacted customers with specific recommended remediation steps and are actively working to determine how best to prevent such an incident from occurring in the future”.

OneLogin, which is thought to have more than 2000 customers in 44 countries, have provided steps on how customers can find out if they are affected.

Users first need to register on the company’s support page, as well as updating all passwords and security logins for accounts that use the service.

In 2015, LastPass suffered a data breach where some user information was stolen. However, the stolen data did not contain user passwords.

Via: The Register


Comments are closed.