According a major access management service OneLogin has alerted to the data of its US-based users of an unauthorized access. According to analysts, this one was pretty serious and the reports indicate that the hacker had been able to attain a very deep access for acquiring the information.
According to the company’s blog post, the hacker obtained the access to a set of AWS keys and created various instances in the infrastructure through the AWS API for doing the reconnaissance. He was able to obtain the database tables that contained users’ information, apps, as well as various keys.
Although the company usually encrypts certain sensitive but currently it isn’t possible to rule out the threat that hacker has actually obtained the ability to decrypt the information. The company declared that all of its customers by its US-based data center have been affected and the customer data was compromised along with the ability to decrypt the encrypted data.
This shows that the hacker has been able to obtain a level of success that is not even created by majority of the services. In order to prevent this kind of attack, end-to-end encryption and zero-knowledge systems exist.
Affected OneLogin users can visit this page. Good luck.
Via: Tech Crunch