Password manager OneLogin hit by data breach

Valued Contributor

Password manager OneLogin hit by data breach

Not good!

BBC Article - OneLogin Data Breach

Amex PRG (NPSL), Amex Blue Cash ($24K), Amex Simply Cash+ ($4K), Amex Business Cash ($22.5K), Discover ($22.7K), Cap 1 Union Plus MC ($2500), Chase FU Visa Sig ($12K), Chase F Visa Sig ($8.3K), Chase CSP Visa Sig($6.5K), FCB/Elan Rewards Visa Sig($15K), Buckle ($1.3K), BofA AAA Rewards ($84.5K), Paypal credit ($10K), BBVA Clearpoints ($7.5K), Cap 1 Savor ($10K), PenFed PCR ($3500), Bank of the West CB MC ($3K)
Message 1 of 7
Moderator Emeritus

Re: Password manager OneLogin hit by data breach


@ChargedUp wrote:

Not good!

BBC Article - OneLogin Data Breach


My company makes heavy use of OneLogin and many of us lost sleep when we were notified around 10:30 pm dealing with the issue.

 

Wasn't immediately critical but the entire organization will have a mandatory password change in the coming days; the full extent wasn't known but OLI told us to assume everything had been compromised, but I have to admit their notification to their customers was on point and they were forthcoming with information as it became available.




        
Message 2 of 7
Frequent Contributor

Re: Password manager OneLogin hit by data breach

My Secretary uses one of those online services and I think she's nuts. About 3 years ago she put all my company passwords in there for "safekeeping" and I blew a gasket... terrible idea I think. Of course I was also mad at her a year ago for mistakenly setting up 2 autopays with BOA for my wife's truck (it wasn't on purpose) BUT I'm not so annoyed now that we got the title in the mail yesterday 2.5 years early so there's that.

 

Blessing AND malediction?

FICO 8:  EQ:687  TU:728  EX:735
Message 3 of 7
Senior Contributor

Re: Password manager OneLogin hit by data breach


@805orbust wrote:

My Secretary uses one of those online services and I think she's nuts. About 3 years ago she put all my company passwords in there for "safekeeping" and I blew a gasket... terrible idea I think. Of course I was also mad at her a year ago for mistakenly setting up 2 autopays with BOA for my wife's truck (it wasn't on purpose) BUT I'm not so annoyed now that we got the title in the mail yesterday 2.5 years early so there's that.

 

Blessing AND malediction?


Yeah, I think it's a pretty terrible idea as well. With it being so publicly known what a treasure trove of data these kinds of services have, they're a top target for hackers.

 

The company passwords printed on paper, safely locked up is more my idea of "safekeeping".


Message 4 of 7
Moderator Emeritus

Re: Password manager OneLogin hit by data breach

OneLogin isn't so much a password vault in the typical use case (Secure Notes notwithstanding and things like LastPass Enterprise are local anyway for personal data unless you choose to share it in the corporate vault, which is another terrible idea) as it is a single sign-on authentication source, and can be tied to 2FA like in our case Duo.  Effectively all of our SaaS-provided applications in our entire enterprise besides Google services auth through OLI.

 

Problem is they stored passwords in a hash rather than storing a token for whatever (possibly sloppy) reason; would've figured they'd simply do it like anyone smart does with CC's and PCI these days: don't store that crap locally and delegate the authentication back.  Presumably they saved money on bandwidth and some transaction costs, and this is what we get instead I guess.




        
Message 5 of 7
Valued Contributor

Re: Password manager OneLogin hit by data breach

I use LastPass for personal home use... I think something happened with them a couple years ago, not sure if severe or not... but I'm comfortable with them. It beats having the same 1 or 2 ten-digit passwords for 50 sites...

Amex Green • Amex BCP • Amex HH (Aspire®) • Barclay Rewards • Chase World of Hyatt • Chase FU • Capital One Quicksilver • Discover it • PENFED Platinum Rewards • Marvel MC • Amazon Store • Kohls Store • CL $109,330 • Car Loan (PENFED) 1.99% PAID

FICO® 8 Scores 805-812 FICO® 9 Equifax 822
Message 6 of 7
Frequent Contributor

Re: Password manager OneLogin hit by data breach

Totally agree Dave

FICO 8:  EQ:687  TU:728  EX:735
Message 7 of 7