Thursday, 1 September 2016

Hackers Had Access to OneLogin Data for More Than a Month

Just as password managers were having a good moment in the wake of the Dropbox breach revelations, OneLogin, the single sign-on company, threw cold water on it all by admitting a compromise of its own.

The company announced that an incursion gave hackers access to cleartext notepads for a segment of its 12 million users (it didn’t specify an exact number) for at least a month. The perpetrators had access to the files from “at least” July 25 to Aug. 25, and possibly had access as early as July 2.

Secure Notes is a feature that end users can use to store information. These notes are stored in the system using multiple levels of AES-256 encryption. However, a bug (now patched) caused these notes to be visible in OneLogin’s logging system prior to being encrypted and stored in its database.
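The class of bug described above (plaintext reaching a log before it is encrypted for storage), shown beside one mitigation. This is an added example, not OneLogin's code and not from the original article; `save_note`, `RedactFilter`, `captured_log`, the field names and the sample request are all hypothetical.

```python
import io
import logging

SENSITIVE_KEYS = {"note_body", "password", "secret"}  # hypothetical field names

def scrub(value):
    """Recursively replace the values of sensitive keys with a marker."""
    if isinstance(value, dict):
        return {k: "[REDACTED]" if k in SENSITIVE_KEYS else scrub(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(scrub(v) for v in value)
    return value

class RedactFilter(logging.Filter):
    """Scrub structured log arguments before the handler formats them."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = scrub(record.args)
        elif isinstance(record.args, tuple):
            record.args = tuple(scrub(a) for a in record.args)
        return True

def save_note(logger, request):
    # Pattern behind this class of bug: the whole request is logged
    # before the note body has been encrypted for storage.
    logger.info("save_note request=%s", request)
    # ... encryption and the database write would follow here ...

def captured_log(with_filter):
    """Run save_note on a constructed request and return the log text."""
    stream = io.StringIO()
    logger = logging.getLogger("demo.filtered" if with_filter else "demo.raw")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    handler = logging.StreamHandler(stream)
    if with_filter:
        handler.addFilter(RedactFilter())
    logger.handlers = [handler]
    # Constructed sample request, not real data.
    request = {"user_id": 42, "note_body": "wifi passphrase: hunter2"}
    save_note(logger, request)
    return stream.getvalue()
```

The filter only sees structured arguments; a secret already interpolated into the message string passes through unchanged, so not logging request bodies on sensitive endpoints remains the primary control.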

James Romer, chief security architect for Europe at SecureAuth, told us via email that the breach has, potentially, far-ranging consequences.



from hacker samurai http://ift.tt/2cbKJrn
via IFTTT
