Gibbs Law Group is currently investigating reports of a security breach at San Francisco-based password management company, OneLogin, in which customer data was reportedly compromised.
What is OneLogin?
OneLogin is an online service that lets users manage their login credentials to websites and applications from a single platform. OneLogin’s service operates as a password master key, that offers customers the convenience of not having to remember all of their different login and password information, and promises “secure access for every user, every app, every device.” OneLogin is reported to have more than 12 million users, including businesses such as Yelp, AAA, Dell, Pandora, and Pinterest.
Because OneLogin aggregates all of users’ credentials in a single sign-on service, it is reported to be a particularly attractive target for potential cyberattack given that it presents a single point of failure.
The Data Breach
On June 1, 2017, it was reported that OneLogin experienced a security breach, in which customer data was compromised, including the ability to decrypt encrypted data. In a blog post, OneLogin’s chief information security officer advised that the company had detected unauthorized activity:
[A] malicious actor . . . obtained access to our US operating region. . . . The threat actor was able to access database tables that contain information about users, apps, and various types of keys. While we encrypt certain sensitive data at rest, at this time we cannot rule out the possibility that the threat actor also obtained the ability to decrypt data.
According to Fortune, the hacker may have accessed private, sensitive customer data.
Are You a OneLogin Customer?
If you are a OneLogin customer and believe that your information may have been compromised in the recent cyberattack, our privacy attorneys are interested in speaking to you. Please contact an attorney at Gibbs Law Group for more information by calling toll-free (866) 981-4800 or by filling out the form to the right.
Gibbs Law Group’ attorneys have filed privacy violations lawsuits on behalf of people around the United States who have had their private information exposed as the result of a data breach. We work to compensate those affected while holding companies accountable for inadequate security measures and to ensure corporate privacy policies improve.