"One customer affected by the OneLogin attack told Ars that he was having to "rebuild the whole authentication security system... OUCH!"OneLogin suffers breach—customer data said to be exposed, decrypted | Ars Technica
OneLogin told fretful customers in an internal notification that they would need to work through a number of steps to secure their accounts, including generation of new API credentials and OAuth tokens. Any users served by the firm's US data centre have been hit by the breach, OneLogin said.
"While we encrypt certain sensitive data at rest, at this time we cannot rule out the possibility that the threat actor also obtained the ability to decrypt data," OneLogin said. "We are thus erring on the side of caution and recommending actions our customers should take, which we have already communicated to our customers.""
Friday, June 02, 2017
OneLogin suffers breach—customer data said to be exposed, decrypted | Ars Technica