Hyacinth Mascarenhas reports:
Cloud-based identity access service OneLogin has announced a server security breach that allowed a hacker to access customer Secure Notes data due to a bug in the company’s logging system. The company said the breach occurred when an intruder managed to gain access to its logging system that stores logs and analytics information using a OneLogin employee’s password.
Announced in a blog post on 30 August, the company said a bug in the logging system exposed data in its Secure Notes facility — a feature that allows customers to securely store text information such as licence keys and firewall passwords on the company’s servers in an encrypted format using multiple levels of AES-256 encryption.
Read more on IBT.
Related: OneLogin Announcement