Enterprise password manager OneLogin suffered a massive data breach Wednesday, and the attackers may have gained access to sensitive customer data, such as login information for a variety of companies. OneLogin manages login credentials for a variety of cloud applications for more than 2,000 enterprise clients.
The company, which said that its investigation is ongoing, wrote on its blog Wednesday that the attacker was able to access database tables that contain information about users, apps, and various types of keys. “While we encrypt certain sensitive data at rest, at this time we cannot rule out the possibility that the threat actor also obtained the ability to decrypt data,” the company wrote in a letter to clients.
The attack began around 2 a.m. Pacific time on Wednesday, May 31, when the malicious actor somehow obtained access to a set of Amazon Web Services (AWS) keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the U.S., according to the company.
Through the API, the attacker was then able to create several instances of the company?EU?s IT infrastructure to probe the company?EU?s system. The company said it was alerted to the unusual database activity seven hours later, at which point it shut down access to the affected instance and the AWS keys associated with it. The breach is thought to be enormous, as all of company?EU?s data centers in the U.S. were hacked.
The data breach is the latest such incident to affect a cloud service provider, which has raised questions among enterprise clients about the security of deploying their data to the cloud instead of on-premises. What appears to be particularly damaging about the attack is that OneLogin had marketed itself as a tool for enterprises to make using cloud services…