Skip to Content
Security & privacy

Data breach exposes customer passwords and encrypted data

A massive data breach may have exposed your personal information to hackers. Worse, that includes information that had been encrypted.

Encryption is a secure way of locking your digital data. Your information is scrambled and can only be unlocked with passwords, biometric security such as fingerprints, and other methods.

In fact, since Apple refused to unlock the San Bernardino terrorists’ encrypted iPhone in 2015, encryption has gained a reputation for being nearly impossible to break into. Yet the one-sign-on, password management company OneLogin confirms that customer data has been hacked and likely decrypted.

OneLogin is a username and password management company. You log onto their site with one password and OneLogin remembers all your other logins and passwords.

The company describes itself this way: “OneLogin unifies and simplifies identity and access management for a more secure and efficient enterprise.”

That’s highly convenient, especially since you probably have a dozen or more user names and passwords to remember. However, some security experts have warned that having one internet-based password puts you at risk for a data breach like the one that OneLogin suffered.

The company works with more than 2,000 companies in at least 44 countries. The data breach specifically affects customers in the United States.

A statement on May 31 from OneLogin Chief Information Security Officer, Alvaro Hoyos said:

“Today we detected unauthorized access to OneLogin data in our US data region. We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident. We want our customers to know that the trust they have placed in us is paramount.

“While our investigation is still ongoing, we have already reached out to impacted customers with specific recommended remediation steps and are actively working to determine how best to prevent such an incident from occurring in the future and will update our customers as these improvements are implemented.”

What You Need To Do

OneLogin sent affected customers a long and complex set of security steps that those companies need to take.

If your data was breached, OneLogin has contacted you or will. Keep reading Happening Now for updates on OneLogin’s data breach.

More Stories You Can’t Miss:

Will 2016 be remembered as the year of the data breach?

Latest data breach puts millions of kids at risk

Create easy to remember yet super-tough passwords

cryptocurrency e-book hero

New eBook: ‘Cryptocurrency 101’

Don't want to lose your dough to crypto? Check out my new eBook, "Cryptocurrency 101." I walk you through buying, selling, mining and more!

Check it out