What happens when your login data is stored in cloud and managed by a third-party? This is what just happened with OneLogin, a company that provides identity and access management (IAM) solution to businesses. According a company post via a blog, hacker has accessed set of AWS keys and used them to access AWS API and data. However, it is unclear from the post, how many users data has been compromised.
“Through the AWS API, the actor created several instances in our infrastructure to do reconnaissance”
“The threat actor was able to access database tables that contain information about users, apps, and various types of keys. While we encrypt certain sensitive data at rest, at this time we cannot rule out the possibility that the threat actor also obtained the ability to decrypt data. We are thus erring on the side of caution and recommending actions our customers should take, which we have already communicated to our customers.”
Company claims the passwords and keys were encrypted but hacker also has ability to decrypt the keys and passwords.