Hackers break into centralized password manager OneLogin

June 2, 2017
In this Feb. 27, 2013, file photo, hands type on a computer keyboard in Los Angeles. Hackers have gained access to OneLogin, an online password manager that offers a single sign-on to multiple websites and services. The breach raises questions about the security of other accounts kept with OneLogin. According to published reports, OneLogin informed customers that the breach included the ability to access encrypted data; passwords are typically stored that way. OneLogin didn't immediately respond to a request for comment. (AP Photo/Damian Dovarganes, File)

Hackers have gained access to OneLogin, an online password manager that offers a single sign-on to multiple websites and services.

OneLogin said in a blog post that it couldn't rule out the possibility that hackers got keys to reading encrypted data, such as stored .

Published reports, however, say OneLogin informed customers that the hackers indeed got that capability. OneLogin didn't immediately respond to a request for comment.

Password managers help people keep track of passwords for a growing array of websites and services that require one. Instead of having to remember complex passwords for each one, people can just remember a master password. The password then unlocks other accounts as needed.

Some say that despite the risks of breaches with password managers, using one to keep track of multiple complex passwords is far better than repeatedly using the same ones at multiple sites.

In 2015, rival LastPass said hackers obtained some user information—although not actual passwords. It advised all users to change their LastPass master password.

While LastPass offers its services to both individuals and businesses, OneLogin focuses on corporate customers and lets employees of those companies access a range of services from Google, Microsoft, Amazon and others. OneLogin's customers include Pinterest and Conde Nast.

Explore further: Lessons from Yahoo hack: Simple tips to safeguard your email

Related Stories

Tech Tips: Stay safe by reducing reliance on passwords

June 17, 2015

Mix upper and lower case letters in your password? Substitute the numeral 1 for the letter l? Throw in an exclamation point and other special characters? Who can remember all that for dozens of websites and services?

Dashlane, Google in open source password manager project

August 7, 2016

(Tech Xplore)—PC and tablet warriors who must access files and applications for work and for play tolerate their password rituals whether dozens or more times a day. Painful as entering passwords may be—forgetting some ...

Recommended for you

Cryptocurrency rivals snap at Bitcoin's heels

January 14, 2018

Bitcoin may be the most famous cryptocurrency but, despite a dizzying rise, it's not the most lucrative one and far from alone in a universe that counts 1,400 rivals, and counting.

Top takeaways from Consumers Electronics Show

January 13, 2018

The 2018 Consumer Electronics Show, which concluded Friday in Las Vegas, drew some 4,000 exhibitors from dozens of countries and more than 170,000 attendees, showcased some of the latest from the technology world.

Finnish firm detects new Intel security flaw

January 12, 2018

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.

3 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

KBK
4 / 5 (2) Jun 02, 2017
Of course, one simply has to be smart enough to realize there is no sense in using such services in the first place.

Just keep your shit together and deal with the hassle of individually entered passwords at every single time of use, and your security level goes way way up and stays there.

I don't use auto logins for a single thing. And neither should you.

pass words are a pain. Deal with it. Suck it up.

Or get stuck being invaded -- like this article says is your eventual outcome.

It's Russian roulette. The trick is to never sit down and play.
rrrander
not rated yet Jun 04, 2017
Half the people out there are too stupid to remember their own names, let alone a SLEW of passwords. They open attachments in strange emails, they record passwords in things that can get stolen. IMO, a centralized system is probably no more harm to them than none.
EmceeSquared
not rated yet Jun 05, 2017
KBK:
Of course


"Russian roulette" indeed.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.