OneLogin Hacked: ID Manager Database Breached, User Information Compromised
International Business Times
by AJ Dellinger
... Last year, OneLogin experienced a breach that allowed an intruder to access Secure Notes in plaintext. In this case, it appears those Secure Notes and other information may again be at risk, as the company notes that encrypted user information could be decrypted.
“The latest OneLogin breach should not surprise anyone,” Ori Eisen, a cyber security expert and founder and CEO of identification management company Trusona, told International Business Times.
Eisen noted that static usernames and passwords, whether entered manually or trusted to a single sign-on service like OneLogin, are insecure because they can be compromised at almost any time.
“The problem with a solution like OneLogin is you’re relying on one password to protect all of your passwords. As soon as that gatekeeper password is breached, you’re putting everything else at risk.” Eisen suggested organizations need to “move beyond static usernames and passwords as a way to protect information” to truly be safe.