If you use OneLogin to manage your passwords, then you will want to check your email, which I’m assuming is they way they’ll contact customers, and see if they have any advice. (Although, now that the attack is public, be careful of spoof emails.) The password management company was recently accessed by a malicious entity, and data was copied. OneLogin claims that they encrypt sensitive data, however they also state that it’s possible the intruder also gained access to the ability to decrypt it, but they also may not have.

The attack occurred on their US-based Amazon Web Services (AWS) instance. Apparently, OneLogin noticed several servers being created without authorization, so they considered those API keys compromised and shut down the servers.

There’s not much else to report at the moment. Check out the OneLogin blog to see what they find out as they find it out.