'As we communicated yesterday, we recently detected that a malicious actor had obtained access to our USA operating region, ' Hoyos explains.
The service allows users to access multiple apps and sites using a single sign-on.
The company warns that "all customers served by our USA data center are affected; customer data was compromised, including the ability to decrypt encrypted data".
OneLogin's blog post includes no other details, aside from a reference to the company's compliance page. OneLogin staff caught wind of the unusual database activity seven hours later - at around 9 a.m. PST and shut down the attack "within minutes".
On its website, OneLogin says that its service is used by more than 2,000 enterprise customers, including major companies such as Dropbox, Pinterest, Pandora and Conde Nast.
Reset OneLogin directory passwords for every user. 'The threat actor was able to access database tables that contain information about users, apps, and various types of keys. OneLogin did not immediately respond to PCMag's request for more information about the breach.
Making the attack against OneLogin more risky and potentially much more damaging is Hoyos's statement that while the company applies encryption to sensitive data, there remains the possibility that the hacker was able to obtain the ability to decrypt the stolen data.
Customers have been advised to change passwords, generate new API keys for their services, and create new OAuth tokens - used for logging into accounts - as well as to create new security certificates. "We have since blocked this unauthorised access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorised access happened and verify the extent of the impact of this incident", said Alvaro Hoyos, chief information security officer at OneLogin. This is not the first time a data breach has occurred at OneLogin and if lessons are learnt, it comes with a hefty cost.
There is also no official statement yet on how many accounts were affected by the security breach.