OneLogin, the developer of the service of the same name, has admitted in its company blog that there was a breach in its US operating region systems. The company, which claims to serve about 2000 clients in 44 countries, provides single sign-on and identity management for cloud-based applications.
Apart from communicating through its blog, the company has also sent an email to its clients describing the current situation. It has also strongly recommended certain steps for its clients to take to secure data and credentials.
The following is a snippet of the list of actions shared by the company for clients to act on immediately:
Although OneLogin has stated that the facts mentioned in its blog are ‘subject to change’, it has been acknowledged that the malicious actor might have attained the ability to decrypt the stolen sensitive data.
What Makes OneLogin and its Products So Important?
OneLogin has been providing its services since 2009 and has grown by leaps and bounds in the past years. It was ranked 28th among the 500 fastest-growing technology companies worldwide. Some of its high-profile clients include Pinterest, Zendesk, Dell Services, AAA, Conde Nast, Yelp, Citizen, Pandora and many more. As for the products it offers, the open-source SAML Toolkits it develops are used by more than 300 app vendors and 70 SaaS vendors. The SAML Toolkits are used to make apps more secure by providing a robust data format for exchanging authentication and authorization data between parties (for example, between an identity provider and a service provider).
This is not the first time that a rogue actor has gained access to sensitive data maintained by OneLogin. Apparently, in 2016 the company confirmed a security breach in which the malicious actor broke into one of its standalone systems, which performed various functions pertaining to analytics and log storage.