OneLogin has admitted that the single sign-on (SSO) and identity management firm has suffered a data breach. However its public statement is vague about the nature of the attack.
An e-mail to customers provides a bit of detail—warning them that their data may have been exposed. And a support page that is only accessible to OneLogin account holders is even more worrying for customers. It apparently says that "customer data was compromised, including the ability to decrypt encrypted data."
OneLogin—which claims to offer a service that "secures connections across all users, all devices, and every application"—said on Thursday that it had "detected unauthorised access" in the company's US data region. It added in the post penned by OneLogin CISO Alvaro Hoyos: