Did Hackers Just Steal All Your Passwords?

OneLogin, a password management service, just announced a major cyber security breach at their U.S. data center. Their customers include Pinterest, Pandora, Yelp, and many others, and this post is written to advise users to change passwords on those accounts to protect themselves and their data.

The average person has 19 passwords. If they are all different, that’s 19 unique combinations of letters, numbers, and symbols. And when tired of trying to remember whether it’s Facebook or Twitter that has the capital R at the end of the password, many have turned to password managers, services that record your passwords for you in a secure environment, whether protected by fingerprint (so you don’t have to remember anything), or another password or code. Password managers also have created useful apps to automatically log you in using your username and password, which is encrypted while being stored.

What happens when your password manager is compromised? Someone now has access to every single one of your accounts. Whoops. Actually, that’s exactly what happened in the case of OneLogin, a password managing service. On Wednesday, they announced that their U.S. data center had been hacked. They stated in an email to customers that “OneLogin believes that all customers served by our US data center are affected and customer data was potentially compromised”. Sounds pretty rough for the customers.

Actually, it gets worse. OneLogin stated that the cyber thieves who manufactured this crime had access to encrypted, sensitive data that customers stored on the “Secure Notes” servers, which was a service provided by OneLogin. The company has recommended that all data be deleted.

If you are a customer of OneLogin, you should carefully follow the instructions provided in the email sent to you. You should change all of your passwords immediately, and carefully inspect each account in question to ensure that data has not been changed or deleted. Here is a good resource that details what to do if your email is hacked.

If you aren’t a customer of OneLogin, you still could be at risk. OneLogin’s customers include Pinterest, Pandora, Yelp, as well as many others. It’s likely you have an account with one of these companies since Pinterest has 150 million active users monthly, Pandora has 81 million, and Yelp has 100 million. Though it is unclear at this time whether or not your information could have been compromised, you should be aware. It might be a good idea to change the password as well, as well as change the password of other accounts that might share the same email. I’ll bet they haven’t been changed in a while, anyway.

Thankfully, large data breaches like this are not very common – the last major hack of a password management company was in 2011. You can’t know, however, when a cyber attack will come, and so you should always be prepared. Changing passwords regularly isn’t the only thing you should do. Two-factor authentication is a feature available for most accounts and should be activated. Any other cyber security features available to you should be utilized. Above all, be wary of cyber attack, and back up sensitive data in secure locations. Don’t let paranoia prevent you from doing business, instead, employ cyber security to give you confidence that your data is safe and secure. Click here to find out more!