Access manager service OneLogin has announced that it has suffered a massive data breach that affects all users whose data was stored on the US servers, making for a rather nasty situation.
“Our review has shown that a threat actor obtained access to a set of AWS keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US,” the announcement reads.
It seems the attack started on May 31, 2017, around 2AM PST and was shut down around 9AM PST when the company’s staff was alerted of unusual database activity. It only took them a few minutes to shut down the affected instance, as well as the keys that were used to create it.
OneLogin states that the attacker was able to access database tables that contain info about users, apps, and various types of keys.
The worst part, however, is that while this data was supposed to be encrypted, the company can’t guarantee that the attacker didn’t also obtain the ability to decrypt data.
“We are thus erring on the side of caution and recommending actions our customers should take, which we have already communicated to our customers,” the company writes in a blog post.