OneLogin, an identity and access management company with more than 2,000 enterprise clients, has been hacked. The breach, which lasted just minutes, was a major blow for both OneLogin and its clients, and the fallout isn't over.
OneLogin's success was built on its single sign-on service and its ability to keep sensitive information secure in its cloud. During the security breach, private information about users, apps, and various keys may have been obtained by the still-unknown hackers. All we currently know is what OneLogin has announced on its company blog, where it describes the breach and the data that may have been collected, and says that the hacker or hackers may have figured out a way to decrypt data.
If you are a OneLogin customer, you should have already received an email from the company. If you didn't, you should do the following immediately:
Reset OneLogin directory passwords for every user.
Generate new API keys for all services.
Create new tokens for account logins.
There are several other steps you need to take to protect your company's data, and you can find them all detailed on the service's support site.
That's all the information we have on the hack right now. Law enforcement and third-party security experts are currently working with OneLogin to investigate the scope of the hack and identify the guilty parties involved.