In a brief blog post, the company's chief security officer Alvaro Hoyos said that it was aware of "unauthorized access to OneLogin data in our US data region," and that it had reached out to customers.
Hoyos said that the company had blocked the unauthorized access after the breach and is working with law enforcement.
he company said in an update: "Our review has shown that a threat actor obtained access to a set of [Amazon Web Services, or AWS] keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US." The company added that although it encrypts "certain sensitive data at rest," it could not rule out the possibility that the hacker "also obtained the ability to decrypt data".
To read full article 🔗- https://goo.gl/pYYxMx