This is a public service announcement from Vofer. The Password Manager “OneLogin” has had a serious security incident.
OneLogin “We detected that there was unauthorized access to OneLogin data in our US data region. All customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data. We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to assess how the unauthorized access happened and to verify the extent of the impact. We want our customers to know that the trust they have placed in us is paramount, and we have therefore created a set of required actions.”
In essence, the attackers where able to decrypt the encrypted data, putting at risk user date and logins.
Here are OneLogin Suggestions for actions to take:
Blog update by OneLogin – https://www.onelogin.com/blog/may-31-2017-security-incident