OneLogin Password Manager Suffers Major Breach, Customers’ Data Compromised

OneLogin is a well-known password and identity manager used by many major corporations around the world. The company reported in a recent blog post that its systems have been breached by hackers. The breach was reported to have affected users on the US region server.

Apparently, not only were the hackers able to access database tables that contain information about users, apps, and various types of keys, but they may also have obtained the ability to decrypt data.

According to OneLogin’s blog, the hackers obtained access to a set of AWS (Amazon Web Services) keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US. Evidence shows the attack started on May 31, 2017 around 2 am PST. Staff were alerted to unusual database activity around 9 am PST and within minutes shut down the affected instance as well as the AWS keys that were used to create it.

The company has advised customers to change their passwords, generate new API keys for their services, and create new OAuth tokens — used for logging into accounts — as well as to create new security certificates. This is by no means a small task.

Personally, I use BlackBerry Password Keeper on my Passport and Priv. I do not use the cloud sync feature; it is not that I don’t trust BlackBerry or think it is not secure, I just don’t need to sync it constantly. I just create a backup file on the Passport and import it into Password Keeper on the Priv. Simple and secure.

Do you use a password or login manager? If so, what do you use? Let us know in the comments below.