Single Identity Manager Hacked: OneLogin

Bitcoins, ransomware, and climate change have one thing in common: heat.  Cyber-attacks have risen and many targets are unable to delivery on the promise of “protection” and cost efficiency.  The latest target of hackers is OneLogin.  OneLogin offers businesses identity management, which stores securely encrypted passwords from multiple users and accounts in the cloud.    Although the dwell time was less than 24 hours,  the hacker’s unauthorized access could prove disastrous for users in the future. The breach affected reportedly all of its data centers in the U.S.   The hackers had begun its weaponization after obtaining a set of Amazon Web Services (AWS) keys. Using the AWS APIs from a smaller service provider, reconnaissance of OneLogin cloud infrastructure was fruitful, connecting to database tables that contain type of keys, apps, etc.  According to OneLogin’s product data sheet “External Users and OneLogin provide Security and Identity Management,”  it integrates Active Directory and Lightweight Directory Access Protocol (LDAP) servers with its cloud-based Directory Connector behind the firewall.  As an application protocol, LDAP communicates with Active Directory databases.


Hoyos, A. “May 31, 2017 Security Incident (Updated June 01, 2017).”,  01 June 2017, Accessed 02 June 2017.
Ng, A. “OneLogin breach means you need a password fix, stat.”, 02 June 2017, Accessed 02 June 2017.
Peters, S. “10 Password Managers For Business Use.” Dark Reading, 28 September 2015, Accessed 02 June 2017.
Scharf, J. “Where’s My Secret Access Key?” AWS Security Blog, 26 August 2013, Accessed 02 June 2017.
Whittaker, Z. “Password manager OneLogin hacked, exposing sensitive customer data.” Zero Day, 01 June 2017, Accessed 02 June 2017.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s