Encrypted information is said to have been accessed during a data breach at the password management service, OneLogin.
The apparent breach affects “all customers served by our US data centre” and perpetrators had “the ability to decrypt encrypted data”, according to The Register.
Those affected have been advised to visit a registration-only support page, outlining the steps they need to take. Security experts said the breach was “embarrassing” and showed every company was open to attack.
OneLogin is a single sign-on service, allowing users to access multiple apps and sites with just one password. In 2013, the company had 700 business customers and passed 12 million licensed users.
“We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorized access happened,” chief information security officer Alvaro Hoyos said on the company’s blog.
“We are actively working to determine how best to prevent such an incident from occurring in the future.”
Users who log in to the site have been given a list of steps designed to minimise the risk to their data. These include:
- forcing a password reset for all users
- generating new security credentials and certificates for apps and sites
- recycling secrets stored in OneLogin’s secure notes
In its email to customers, OneLogin told them that “because this is still an active investigation involving law enforcement, there are certain details we can’t comment on at this time. We understand how frustrating this might be and thank you for your patience while we continue the investigation.”
- Watch out for phishing emails or scam calls claiming to be from OneLogin. Do not click on any links or attachments in emails you don’t trust; instead, go to the site to update or change any details. More information can be found on the Get Safe Online website.
- Ensure that you check bank statements regularly and watch out for any irregularities within your accounts.
- Criminals can use personal data obtained from a data breach to commit identity fraud. Consider using credit reference agencies such as Experian or Equifax to monitor your credit file for any unusual activity.
For more information about our work, please visit www.safeinwarwickshire.com/cybercrime
Cyber Aware is a cross-government campaign, funded by the National Cyber Security Programme. It aims to measurably and significantly improve the online safety behaviour and confidence of consumers and small businesses (SMEs).
Get Safe Online is the UK’s leading source of factual and easy-to-understand information on online safety. Their website offers advice on how you can protect yourself, your computers and devices, and your business against the likes of fraud, identity theft, viruses and other potential online problems.