It is currently 22-08-2017 10:16

Service single sign-on OneLogin was the victim of a cyber attack

Service single sign-on OneLogin was the victim of a cyber attack

by sigismund » 2016-08-31 15:19:55


Attack suffered by the Secure Notes system, where users preserve their OneLogin credentials to log in to the application.


The company OneLogin provides single sign-on service single sign-on (SSO) for cloud applications, was the victim of a data breach. Currently, the number of customers reaches about 12 million, which means that the incident could affect millions of users.

According to the company's notice, the attack system Secure Notes, where users retain their OneLogin credentials to log in to the application. As a result of the incident, the attackers gained access to the records made between 2 June and 25 August of the current year. Since Secure Notes users save information such as the activation keys for the programs and passwords to firewalls, the consequences of the attack could be catastrophic.

The cause of the leak was a vulnerability in the Secure Notes that allows you to see in the registry is made to the user record before they will be encrypted using AES-256. To penetrate the corporate network OneLogin attackers obtained the password of one of its employees.
sigismund
moderators
Сообщений: 788
Депозит: 0 BTC

Rating: 5