Popular password manager, OneLogin posted a warning yesterday that they had been breached and a significant amount of data had been lost. More importantly that the attackers had vital information that could allow them to, “decrypt encrypted data.” OneLogin believes that the breach affects all U.S. customers and that customer data was compromised.
All customer’s served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data. – OneLogin support post
The post, on their support page, was brief with little details on the event, aside from reset information. It is safe to say that despite the lack of information from OneLogin, the fact that hackers now have the ability to decrypt your encrypted information is extremely concerning. And how did hackers manage to get ahold of such a master key?
As we continue to receive details of the breach we’ll update this page.
In light of the this breach and others, as of late, we find it harder to recommend the use of password management applications. We will revisit password manager systems shortly to determine the risks involved versus the benefits.