Slashdot Mirror


OneLogin Says Breach Exposed Ability To Decrypt Customer Data (krebsonsecurity.com)

Reader tsu doh nimh writes: OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data, KrebsOnSecurity reports. "A breach that allowed intruders to decrypt customer data could be extremely damaging for affected customers. After OneLogin customers sign into their account, the service takes care of remembering and supplying the customer's usernames and passwords for all of their other applications."

  1. FAIL by Mister+Transistor · · Score: 3, Insightful

    You
    Had
    ONE
    JOB
    ! ! !

    --
    -- You are in a maze of little, twisty passages, all different... --
  2. When will you people learn by DontBeAMoran · · Score: 3, Insightful

    My passwords are in a little paper book on my computer desk. If a hacker has access to it, I've got bigger problems.

    --
    #DeleteFacebook
    1. Re:When will you people learn by TWX · · Score: 4, Insightful

      I've realized it's just safer to not discuss my password policy.

      --
      Do not look into laser with remaining eye.
  3. I don't understand... by hackel · · Score: 3, Insightful

    Wouldn't the very first rule for any kind of platform like this be that passwords are not decryptable without the user providing their key/password? I mean, that it's designed in such a way that this is actually *impossible* without a brute-force breaking of the encryption? How could this ever happen? We need more technical details. Otherwise the level of incompetence would be downright astounding.