Author: Urban Schrott / Source: ESET Ireland
OneLogin has admitted that it cannot guarantee the security of encrypted data compromised by a cybercriminal on Wednesday (May 31st).
The firm has confirmed that a review is currently underway to investigate the data breach, which affected its “US data region”.
Unauthorised access has since been blocked and the incident has been reported to the authorities, with independent security firms also on board to help identify the extent of the incident.
OneLogin found that the cybercriminal had obtained access to a set of AWS keys, and had used them to access the AWS API from an intermediate host with another, smaller service provider in the US.
Affected customers have already been informed, with the company claiming that the attacker was able to access database tables containing various pieces…
Click here to read more
