OneLogin Password Manager Hacked

engine

4:18 pm on Jun 2, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



I'm sure a lot of us use password managers to help keep track of the huge number of passwords we've all got to manage.

This story about OneLogin being hacked is somewhat worrisome as it's now reported that the ability to decrypt encrypted data.
I'm sure, if you have an account there, that OneLogin will already have been in touch. If not, oh dear, you'd better get onto it.

"OneLogin believes that all customers served by our US data center are affected and customer data was potentially compromised,"

Later in the day, the company said in an update: "Our review has shown that a threat actor obtained access to a set of [Amazon Web Services, or AWS] keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US."

OneLogin Password Manager Hacked [zdnet.com]

keyplyr

9:57 pm on Jun 2, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



OneLogin shifting focus to the hackers by saying "hackers have 'the ability to decrypt encrypted data'" is suspect to their accountability in protecting their users' sensitive data.
"Our review has shown that a threat actor obtained access to a set of [Amazon Web Services, or AWS] keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US."
So they're *not* saying TLS v1.2 is hackable or that data security hashing is unsecure, only that their data was hackable. So it's their failure... that's what's important IMO.