Krebs – OneLogin: Breach Exposed Ability to Decrypt Data

This is certainly a compromise of note, though according to the article, if you were affected, you have already received notice from OneLogin. In the comments/discussion section of Mr. Krebs's blog, there is also an interesting conversation surrounding 2FA and how that could have mitigated the risk. If multi-factor was in place for the individual sites a person accessed through OneLogin, then yes, it would have been beneficial. Otherwise, decrypted credentials are the straw that breaks this particular camel’s back.
