OneLogin confesses to security breach

Identity and access management company admits security breach that may have compromised customer data

OneLogin, a company that offers to secure authentication and identity management services to businesses, has warned customers of a security breach that could have spilt their corporate passwords to hackers.

OneLogin warned its customers in a posting on its website: "Today we detected unauthorised access to OneLogin data in our US data region.

"We have since blocked this unauthorised access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorised access happened and verify the extent of the impact of this incident," claimed the company.

It continued: "We want our customers to know that the trust they have placed in us is paramount.

OneLogin chief information security officer Alvaro Hoyos, added: "While our investigation is still ongoing, we have already reached out to impacted customers with specific recommended remediation steps and are actively working to determine how best to prevent such an incident from occurring in the future and will update our customers as these improvements are implemented."

The email adds a little more flavour to the incident, upgrading the unauthorised access warning somewhat and suggesting that it may be a bigger problem than Bond initially believed.

"We detected unauthorised access to OneLogin data in our US operating region. At this time, OneLogin believes that all customers served by our US data centre are affected and customer data was potentially compromised," it says.

It's nto the first security breach to affect the company. In August last year, it warned customers that a bug in its systems enabled attackers to read their notes in plain text.