OneLogin Password Manager Hacked

The identity and access management service OneLogin, which uses Amazon Web Services (AWS) to store customer data, recently announced that an attacker had “obtained access to a set of AWS keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the U.S.”

The attacker gained access to the system on May 31, 2017 from around 2am PST to around 9am PST, when OneLogin staff was alerted to unusual database activity and blocked the access.

“The threat actor was able to access database tables that contain information about users, apps, and various types of keys,” the company stated. “While we encrypt certain sensitive data at rest, at this time we cannot rule out the possibility that the threat actor also obtained the ability to decrypt data.”

Read more at – OneLogin Password Manager Hacked