Krebs – OneLogin: Breach Exposed Ability to Decrypt Data

June 1, 2017 / mbenlawson

This is certainly a compromise of note, though according to the article, if you were affected, you have have already received notice from OneLogin. In the comments/discussion section of Mr. Krebs blog, there is also an interesting conversation surrounding 2FA and how that could have mitigated the risk. If multi-factor was in place for the individual sites a person accessed through OneLogin, then yes, it would have been beneficial. Otherwise, decrypted credentials are the straw that breaks this particular camel’s back.

https://krebsonsecurity.com/2017/06/onelogin-breach-exposed-ability-to-decrypt-data/

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Google account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

Virtual Sweater Vest

The Random Thoughts of a Former Philosopher and Current IT Security Professional

Krebs – OneLogin: Breach Exposed Ability to Decrypt Data

Leave a Reply Cancel reply

Share this:

Like this:

Leave a Reply Cancel reply