OneLogin announced on May 31, 2017, that their company was hacked between the hours of 2:00 am to 9:00 am PST. No big deal, right? Wrong. OneLogin is an online service that lets users manage their multiple different logins and passwords with a single sign-on (SSO). Essentially, OneLogin is a password manager that entices customers with the concept of only having to remember one secure “master” password. OneLogin has over 2,000 enterprise customers in 44 countries across the globe. A few notable customers are Pandora, AAA, Pinterest, Indeed, On The Border, Susan G. Komen, and Yelp according to their website.
OneLogin released the statement of: “All customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data.” The malicious hackers now have access to thousands of passwords as well as the ability to decrypt all of the data on their system. The company reportedly sent out an email to all customers with what actions to take.
Unfortunately, due to the nature of this product, password managers face a huge threat of being hacked. Their software is storing thousands upon thousands of passwords. This is all the more reason why a company needs to secure their network from all possible threats. This is not the first time OneLogin or another password management application was hacked. Only a few years ago, a hacker managed to take advantage of a bug in their system and view private messages that are encrypted in their Secure Notes feature of the software. On OneLogin’s website, they recommend “to securely store information such as license keys and firewall passwords” in Secure Notes.
LastPass, another common password manager, has been hacked numerous times. Check out this infographic on Password Managers to learn more. After all, what’s worse than a company facing a data breach? A security company facing a data breach. Their message to customers is that they will keep our information secure. There are alternative methods, that are more secure than password managers, to enforce a secure password policy for your employees and not jeopardize the security and safety of your company. Learning the fundamentals of a Windows Password Filter, like nFront, will not only keep your company’s network more secure, but it will enforce the password policy that you have always wanted to be able to enforce but never had the ability to execute with Windows Password Complexity.