Hackers were able to hack password manager OneLogin, a company that caters to the corporate community.
The password manager OneLogin, which enables users to use a single password to login to multiple sites, has been breached by hackers.
Hackers were able to gain access to "database tables that contain information about users, apps and various types of keys" said OneLogin in an official statement. “While we encrypt certain sensitive data at rest, at this time we cannot rule out the possibility that the threat actor also obtained the ability to decrypt data,” the company added. “We are thus erring on the side of caution and recommending actions our customers should take, which we have already communicated to our customers.”
Kevin O'Brien, chief executive of GreatHorn cyber security, recommended that users update their master password along with "other key passwords, like the ones they use for their email, banking and mortgage."
Stephen Cobb, senior researcher at ESET cybersecurity, said “Frankly, this particular data breach is more troubling than most. While every company has a responsibility to protect its customers’ personal data, this is arguably even more true when that data includes the keys to many different accounts and services, as is the case with a single sign-on and identity management company like OneLogin."
As details of the breach are still coming in, it is likely that evidence of the growing pressure exerted on cyber defenses by the black market is a thriving subsector of the global cybercrime industry.