It has been reported that one of our competitors, OneLogin, has suffered a security breach in which a hacker was able to access customer 'Secure Notes'.
The purpose of this blog post is to reassure our customers that their data is not at risk of a breach from a similar attack vector.
What Is Believed to Have Happened?
In a statement, OneLogin said that a hacker managed to obtain the credentials belonging to an internal administrator. Using these credentials, the hacker logged into their servers and accessed their system logs. It transpired that these logs contained clear text copies of customers' secure notes data.
As a precautionary measure, they reset all passwords for external systems. OneLogin has published a blog article about the incident.
As a My1Login Customer, Does My Data Face the Same Risk?
No. Unlike OneLogin, My1Login performs full client-side encryption of sensitive data such as usernames, passwords and secure notes. This means that clear text copies of your information are never sent to our servers and therefore cannot leak out to log files, database tables, etc.
My1Login's full client-side encryption ensures that even our staff cannot access your sensitive information, as it is encrypted within your environment before it is sent to the My1Login servers. This segregation of encryption keys and encrypted data is key to securing your sensitive data.
If you have any questions or would like further information, please contact your account manager or contact one of our Identity Experts.