Krebs – OneLogin: Breach Exposed Ability to Decrypt Data
- Michael Trotter-Lawson
- Jun 1, 2017
- 1 min read
This is certainly a compromise of note, though according to the article, if you were affected, you have have already received notice from OneLogin. In the comments/discussion section of Mr. Krebs blog, there is also an interesting conversation surrounding 2FA and how that could have mitigated the risk. If multi-factor was in place for the individual sites a person accessed through OneLogin, then yes, it would have been beneficial. Otherwise, decrypted credentials are the straw that breaks this particular camel’s back.