Krebs – OneLogin: Breach Exposed Ability to Decrypt Data

This is certainly a compromise of note, though according to the article, if you were affected, you have already received notice from OneLogin. In the comments/discussion section of Mr. Krebs's blog, there is also an interesting conversation surrounding 2FA and how that could have mitigated the risk. If multi-factor was in place for the individual sites a person accessed through OneLogin, then yes, it would have been beneficial. Otherwise, decrypted credentials are the straw that breaks this particular camel’s back.

https://krebsonsecurity.com/2017/06/onelogin-breach-exposed-ability-to-decrypt-data/
