Identity management firm OneLogin has experienced a data breach impacting their customers’ data.
The company alerted its customers on Wednesday via email that their information may have been exposed, according to a report by Ars Technica.
In a message posted on a support page only accessible to OneLogin account holders, but published on Pastebin, the company shared that “All customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data.”
A blog post by OneLogin CISO Alavaro Hoyos indicates that the company detected unauthorized access but have since been able to block it and have “reported the matter to law enforcement.” In a follow-up statement on the matter, Hoyos confirmed that a threat actor successfully accessed “database tables that contain information about users, and various types of keys.”
The company has shared a list of instructions that its customers should follow in the wake of the breach.