OneLogin’s data breach – Just how serious was it?

There’s a big demand for cyber security globally as the rise of the digital age continues to pave the way for data breaches, leaks and hacks on an almost continual basis.

Yet despite the rise in cyber security that goes hand in hand with the rise of cybercrime, it seems multiple companies and organisations are still failing in their obligations to protect data securely. In recent news, one of the San Francisco Bay Area’s most established companies has been hacked, potentially affecting thousands worldwide.

OneLogin is an identity and access management software provider that offers an identity-driven enterprise security solution. It launched in 2010, giving companies “one-click access” to cloud-based applications like Microsoft Office 365, Google’s G Suite and Amazon’s AWS.

The company’s promotional quote is: “when your identity management system is secure and reliable, everyone in the enterprise enjoys peace of mind.”

Ironically, they have now suffered a breach themselves…

OneLogin’s breach

On 31st May 2017, OneLogin noted in a blog post that “we detected unauthorised access to OneLogin data in our U.S. data region.” According to the company, the attack started around 2am North American time.

One employee at the company was alerted to the unusual database activity at 9am, and customers were assured that the AWS keys used in the hack were shut down within minutes.

OneLogin maintain their investigations are ongoing. They’ve also recruited independent third-party security experts to look into the matter as well as informing law enforcement agencies.

Affected companies

OneLogin provides services in more than 44 countries worldwide, and its customers include Yelp, SoftBank, Midas, Pinterest, Pandora and Indeed.com.

There may be an obvious impact here in terms of privacy breaches and what data may have been lost in the attack. The company has reportedly kept the details about the loss of data rather vague, and said:

“…the threat actor was able to access database tables that contain information about users, apps, and various types of keys.”

It transpires that the Stanford School of Medicine is one of the company’s clients. The school uses OneLogin’s services to monitor patient logins to the school’s online portal and third-party sites. This could have a huge knock-on effect, as the school would likely hold medical records, which are arguably seen as one of the most prized types of data to steal. The school has yet to confirm or deny whether there was any loss of patient data.

OneLogin reached out to affected customers with steps they should take to prevent further after-effects. The advice ranges from generating new API keys and OAuth tokens and creating new security credentials and certificates to recycling secrets held in the OneLogin Secure Notes feature and updating passwords.

In further comment from the company:

“We want our customers to know that the trust they have placed in us is paramount. [OneLogin] had reached out to impacted customers with specific remediation steps and are actively working to determine how best to prevent such an incident from occurring in the future.”
