Customer data residing in password management service OneLogin was compromised when a “malicious actor” accessed information on keys used for encryption, the firm reports.
“The threat actor was able to access database tables that contain information about users, apps, and various types of keys,” OneLogin said in a statement.
The attack occurred on May 31 around 2am PST (09:00 GMT), according to OneLogin. Staff did not become aware of the breach until seven hours later, at 9am PST, and the intrusion was shut down within minutes.
“All customers served by our US data centre” are potentially vulnerable, according to an email reportedly sent to customers. The email allegedly states that OneLogin cannot reveal additional information on the attack as it is being investigated by law enforcement agencies.
“We cannot rule out the possibility that the threat actor also obtained the ability to decrypt data. We are thus erring on the side of caution and recommending actions our customers should take,” it said, advising customers to take a number of steps, including resetting passwords and generating new security certificates.
In 2013 the company announced it had reached a user base of 12 million, including 700 corporate customers.
The service allows users to access multiple apps and sites using a single sign-on. Services integrated into OneLogin include Dropbox, Amazon Web Services, Office 365, Salesforce, SharePoint, Slack and Zendesk.