New
#1
Call me old fashion, but I'm using ye good ol' paper for this.
Password manager and single sign-on provider OneLogin has been hacked, the company has confirmed.
In a brief blog post, the company's chief security officer Alvaro Hoyos said that it had "detected unauthorized access to OneLogin data in our US data region," and that it had reached out to customers.
Hoyos said that the company had blocked the unauthorized access after the breach and is working with law enforcement.
The blog post had no further information or technical details about the incident -- though, the post omitted that hackers had stolen sensitive customer data, which was only cursorily mentioned in an email to customers, seen by ZDNet.
"OneLogin believes that all customers served by our US data center are affected and customer data was potentially compromised," the email read.
Password manager OneLogin hacked, exposing sensitive customer data | ZDNet
Call me old fashion, but I'm using ye good ol' paper for this.
Online password managers get hacked several times each year, not surprising.
What is surprising, how many people are using them and actually trust them.
I have never ever used any of the so called "password managers" and never had a problem with my passwords what so ever...also I keep a little sheet of my p/w's in my closet pff
I keep passwords for sites where hackers could do damage safe in my care and enter them each time I log in. Some I trust Firefox to remember, like the one for this site.
A week after OneLogin disclosed it had been hacked, the company's security chief has said that thousands of its customers may have been affected -- but admitted that it still has a lot to learn about how it was breached.OneLogin security chief reveals new details of data breach | ZDNetOneLogin is similar to a password manager, but also manages the identities and login information of enterprise and corporate users -- from hospitals, law firms, financial giants, and even newsrooms. OneLogin acts as a central sign-in point to allow its customers -- which includes millions of staff and end users -- to access their accounts on other popular sites and services, like Microsoft and Google accounts.
At the end of last month, the company announced news that nobody wants to hear.
An attacker obtained and used highly-sensitive keys for its Amazon-hosted cloud instance from an intermediate host -- effectively breaking into its service using its front-door key. The company added that while it encrypts sensitive data, the attacker may have "obtained the ability to decrypt" some information.