The company's chief information security officer Alvaro Hoyos confirmed the breach, and said OneLogin was working with law enforcement and an unnamed independent security firm to ascertain the extent of the incident.
Yet the support page referenced in the email, which can only be viewed by logged-in customers, allegedly added, "All customers served by our United States data center are affected; customer data was compromised, including the ability to decrypt encrypted data". Check the OneLogin blog for updates as the company learns more.
"At this time, OneLogin believes that all customers served by our U.S. data center are affected and customer data was potentially compromised".
A letter sent to a OneLogin customer, who shared it with Fortune, includes slightly more, and much scarier, information than was made public in the blog. All affected OneLogin customers should have already been contacted by the company, but even customers who have not received an email are advised to log in to their OneLogin account immediately and change their security credentials.
In addition to forcing a password reset, the company is also instructing customers to carry out a lengthy list of actions, including generating new certificates for apps that use SAML SSO - a standard for logging users into apps based on their sessions.
According to Hoyos, the hacker was able to infiltrate database tables that contained information such as users, apps, and key types.
Generate new API keys for all services.
"While we encrypt certain sensitive data at rest, at this time we can not rule out the possibility that the threat actor also obtained the ability to decrypt data", Hoyos added. Law enforcement and third-party security experts are now working with OneLogin to investigate the scope of the hack and identify the guilty parties involved. This is not the first time a data breach has occurred at OneLogin, and if lessons are learnt, they come at a hefty cost. That's a contention that has been roundly denied by the cloud providers, which say they have more security expertise than most businesses.