It’s astonishing when you stop to consider how integral online communication has become to virtually every facet of our daily lives. Every day, consumers connect again and again to the internet with little regard for the inherent risks of all this activity. Security breaches, after all, are regular occurrences, and no one can ever be absolutely sure whether their data is safe from hackers and other malicious users. When a security breach occurs, it can often mean disastrous personal and professional consequences, costs made so much worse now that mobile devices are a way of life for the majority of the population.
On May 31, that reality truly struck a chord as OneLogin — the popular single sign-on tool commonly associated with cloud-based applications — became the victim of a cyber-attack that left much of its customer base in the United States vulnerable. Much still has to be learned, though the company was quick to block the unauthorized access and launch an investigation, with both law enforcement authorities and an independent security firm involved. At this point, even the extent of the data leakage remains unknown, though details have slowly begun to trickle in. Most importantly, OneLogin has already contacted customers who have been identified as confirmed targets of the attack with further instructions on remediation.
The company itself has already publicly shared some details of the attack method, revealing that a “threat actor” — in OneLogin’s words — managed to gain access using Amazon Web Services (AWS) keys to log in to the API through an intermediate host and another service provider. Seven hours after the actor first infiltrated OneLogin to perform a series of reconnaissance visits, the company discovered the attack and acted quickly to put a stop to it in mere minutes. Likely, the fact that this activity went undetected for so long will be among the lingering questions OneLogin will be looking to answer going forward. While this revelation provides a starting point for OneLogin’s investigation, the details regarding customer impact remain the most concerning, as the amount of information exposed is considerable.
We know that the actor accessed database tables, including data tied to users, apps and an undetermined number of keys. Moreover, it’s so far unclear if OneLogin’s standard encryption was successful in keeping the most sensitive data away from prying eyes. The actor may have been able to decrypt the system and gain access to protected data, and since this possibility remains in play, OneLogin is rightfully choosing to play it safe and recommending that customers take precautions to guard against this potential data leakage. If you are a customer of OneLogin, you may or may not have personally fallen victim to this attack. Nevertheless, it doesn’t hurt to fortify your data to prevent a subsequent attack from wreaking havoc on your privacy.
To address some of the vulnerabilities within its infrastructure and prevent future damage, OneLogin has developed a renewed concentration on enhancing its infrastructure and application encryption. This includes strengthening AWS key management, tightening the monitoring of AWS API endpoint signals and expanding the number of activities used to identify threats early on. Of course, this recent attack is a regrettable turn of events, but at least OneLogin is using this opportunity to create a wider array of risk mitigation tools and strategies to ensure that data security and control reach new heights. The company is even consulting with AWS, external cybersecurity experts and key customers to provide a comprehensive approach to its renewed focus on protecting its product and customers.
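As an added illustration of the kind of AWS API monitoring described above (this is not OneLogin's code or tooling), the Python sketch below flags access keys that are used from outside the networks they normally call from and raises the severity when the calls look like read-only enumeration. It assumes CloudTrail-format records; the allow-list, the threshold, the key IDs and the sample events are all constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Hypothetical allow-list: networks each access key is expected to call from.
EXPECTED_NETWORKS = {"AKIAEXAMPLEKEY000001": ["198.51.100.0/24"]}
RECON_PREFIXES = ("Describe", "List", "Get")  # read-only enumeration calls

def _ev(time, name, src, key):
    """Build a minimal CloudTrail-style record."""
    return {"eventTime": time, "eventName": name, "sourceIPAddress": src,
            "userIdentity": {"accessKeyId": key}}

# Constructed sample records (not data from the incident).
SAMPLE_EVENTS = [
    _ev("2024-01-10T01:00:00Z", "PutObject", "198.51.100.7", "AKIAEXAMPLEKEY000001"),
    _ev("2024-01-10T02:00:00Z", "ListUsers", "203.0.113.50", "AKIAEXAMPLEKEY000001"),
    _ev("2024-01-10T02:05:00Z", "DescribeInstances", "203.0.113.50", "AKIAEXAMPLEKEY000001"),
    _ev("2024-01-10T02:09:00Z", "ListBuckets", "203.0.113.50", "AKIAEXAMPLEKEY000001"),
    _ev("2024-01-10T03:00:00Z", "GetObject", "s3.amazonaws.com", "AKIAEXAMPLEKEY000001"),
    _ev("2024-01-10T04:00:00Z", "PutObject", "192.0.2.9", "AKIAEXAMPLEKEY000002"),
]

def find_unexpected_key_use(events, expected=EXPECTED_NETWORKS, recon_threshold=3):
    """Return one alert per (access key, source IP) seen outside the allow-list."""
    hits = defaultdict(list)
    for ev in events:
        key = ev.get("userIdentity", {}).get("accessKeyId")
        if key is None:
            continue
        try:
            src = ipaddress.ip_address(ev["sourceIPAddress"])
        except (KeyError, ValueError):
            continue  # calls made by an AWS service carry a DNS name, not an IP
        # A key with no allow-list entry has no expected network, so it is flagged.
        nets = [ipaddress.ip_network(n) for n in expected.get(key, [])]
        if not any(src in n for n in nets):
            hits[(key, str(src))].append(ev)
    alerts = []
    for (key, src), evs in sorted(hits.items()):
        recon = sum(e["eventName"].startswith(RECON_PREFIXES) for e in evs)
        alerts.append({"accessKeyId": key, "sourceIP": src,
                       "first_seen": min(e["eventTime"] for e in evs),
                       "events": len(evs), "recon_calls": recon,
                       "severity": "high" if recon >= recon_threshold else "review"})
    return alerts

if __name__ == "__main__":
    for alert in find_unexpected_key_use(SAMPLE_EVENTS):
        print(alert)
```

Run on a short interval, a check of this kind reports the first out-of-network call by a key, which is the signal that matters when the gap between first access and discovery is measured in hours.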
Beware the Breach
The unfortunate incident at OneLogin is undoubtedly a troubling one for its customers, but in a broader sense, it raises concerns over cloud use in general. The company’s mission statement is based on its heightened security. So this attack serves to undermine the critical trust OneLogin has fostered with its customers. What the ultimate fallout is for the company and how they intend to prevent such a security breach going forward is very much undecided. Still, it’s hard to imagine this isn’t a pivotal moment for OneLogin. As a company, it can either rise to the challenge or allow itself to be doomed to obsolescence and further exploitation.
We can only hope that others within the industry learn from OneLogin’s experience. Developers and consumers alike — more than ever before — need to educate themselves about the latest threats against their code and their data, respectively. Vigilance is the key to avoiding a security breach, and as more and more events like this come to fruition, we must stay alert to the innovative new ways we can safeguard against attack. Hackers, for their part, are becoming craftier and their tactics more invasive than in years past. So, while we’re not advocating panic or fear every time you log in to check your social media or reply to an email, remember to be mindful of the possibilities while doing so.