OneLogin hacked, change your password!
OneLogin Inc, the US-based password and identity management software company, has confirmed that a malicious actor has managed to illegally access OneLogin data.
It has been announced that all customers served by the company’s US data center are affected, and that the database tables accessed included information about users (customer data), apps, and various types of keys.
It is also reported on the OneLogin support page that the breached data included “the ability to decrypt encrypted data”, which may mean that user passwords have been revealed!
What do you need to do?
You are advised to take the following actions:
- Reset your OneLogin password immediately
- If you are using the same password on other websites, reset it there as well
- Recycle any secrets stored in Secure Notes
For developers/webmasters:
- Generate new certificates for your applications that use SAML Single Sign On (SSO)
- Generate new API credentials and OAuth tokens
- If you replicate your directory password to provisioned applications (using the SSO Password feature), force a password reset for your users.
- Generate new Desktop SSO tokens and credentials
- Update the credentials you use to authenticate to 3rd party apps for provisioning.
- Update the admin-configured login credentials for apps that use form-based authentication.