OneLogin has experienced a data breach and it may affect your website

2nd Jun 2017
Do you have a website that uses the single sign-on provider OneLogin? If you do, pay careful attention: this very recent data breach may have affected your site and may require action.

In the past 48 hours, OneLogin has detected unauthorised access to its data in the US data region, which meant customer data was compromised, including the ability to decrypt encrypted data. The company has since blocked the unauthorised access, but if you use this service or any other of OneLogin’s services, it has advised users to follow the steps below to check if you have been affected:

  • If you replicate your directory password to provisioned applications, force a OneLogin directory password reset for your users.

  • Generate new certificates for your apps that use SAML SSO.

  • Generate new API credentials and OAuth tokens.

  • Generate and apply new directory tokens for Active Directory Connectors and LDAP Directory Connectors.

  • Update the API or OAuth credentials you use to authenticate to third-party directories like G Suite, Workday, Namely and UltiPro.

  • Generate and apply new Desktop SSO tokens.

  • Recycle any secrets stored in Secure Notes.

  • Update the credentials you use to authenticate to third party apps for provisioning.

  • Update the admin-configured login credentials for apps that use form-based authentication.

  • Have your end users update their passwords for the form-based authentication apps that they can edit, including personal apps.

  • Replace your RADIUS shared secrets.

If you use OneLogin, you should have already received an email with a link to an article containing the information above. It will, however, require that you log in to see the article.
