The CAYK team is reaching out to our clients to inform you that OneLogin, the single sign-on provider (SSO) used by WordPress, has just recently suffered a security breach. CAYK does not use OneLogin, but we are concerned that you may.
Due to the possible impact on your website and data, we are ensuring that you are able to take immediate action. Information about the breach was revealed in the following announcement:
“On Wednesday, May 31, 2017, we detected that there was unauthorized access to OneLogin data in our US data region. All customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data. We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to assess how the unauthorized access happened and to verify the extent of the impact. We want our customers to know that the trust they have placed in us is paramount, and we have therefore created a set of required actions.“
Due to how extensive and potentially damaging this breach is, we want to make sure that you are fully aware of this issue and of what can be done to protect yourself and your information.
OneLogin has recommended the following actions to protect your information:
- If you replicate your directory password to provisioned applications, force a OneLogin directory password reset for your users.
- Generate new certificates for your apps that use SAML SSO.
- Generate new API credentials and OAuth tokens.
- Generate and apply new directory tokens for Active Directory Connectors and LDAP Directory Connectors.
- Update the API or OAuth credentials you use to authenticate to third-party directories like G Suite, Workday, Namely and UltiPro.
- Generate and apply new Desktop SSO tokens.
- Recycle any secrets stored in Secure Notes.
- Update the credentials you use to authenticate to third party apps for provisioning.
- Update the admin-configured login credentials for apps that use form-based authentication.
- Have your end users update their passwords for the form-based authentication apps that they can edit, including personal apps.
- Replace your RADIUS shared secrets.
Those who use OneLogin should have received an email linking to an article with the above information, including additional details. You can also see OneLogin's blog post, as well as further articles about the breach at the BBC, The Register, Motherboard and Brian Krebs.
At CAYK, we want to help you minimise the risk to your compromised data and privacy. Please do take the necessary precautions outlined above.
