• Home
  • Latest
  • Fortune 500
  • Finance
  • Tech
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia

Trendingnow

1

Iran strikes 85 U.S. military sites in the Gulf, sparking a global selloff in stocks and a spike in the price of oil

2

Ex-PepsiCo CEO Indra Nooyi worked from midnight until 5 a.m. as a receptionist to pay for her Yale degree—and she says ‘respect went up’ because of it

3

Shark Tank's Kevin O'Leary says if he were 25 today, he'd chase these two booming opportunities in the world of AI

1

Iran strikes 85 U.S. military sites in the Gulf, sparking a global selloff in stocks and a spike in the price of oil

2

Ex-PepsiCo CEO Indra Nooyi worked from midnight until 5 a.m. as a receptionist to pay for her Yale degree—and she says ‘respect went up’ because of it

3

Shark Tank's Kevin O'Leary says if he were 25 today, he'd chase these two booming opportunities in the world of AI
TechPointCloud

OneLogin Data Breach Poses Worrisome Questions About Cloud Use

Barb Darrow
By
Barb Darrow
Barb Darrow
Down Arrow Button Icon
Barb Darrow
By
Barb Darrow
Barb Darrow
Down Arrow Button Icon
June 2, 2017, 8:31 AM ET
Add Fortune on Google for similar content.

OneLogin, a company that sells software that claims to be a secure way for companies to use multiple cloud applications, has experienced a scary-looking data breach, the company disclosed on its corporate blog on Wednesday.

OneLogin’s service manages passwords and logins for multiple applications and sites for business users. The attack started May 31, 2017 at about 2 a.m. PT, and OneLogin staff were alerted to it about seven hours later, when they shut down access.

A letter sent to a OneLogin customer, who shared it with Fortune, includes slightly more—and much scarier—information than was made public in the blog. According to the email, the attacker “was able to access database tables containing information about users, apps, and various types of keys. while we encrypt certain sensitive data at rest, at this time we cannot rule out the possibility that the threat actor also obtained the ability to decrypt data.”

Get Data Sheet, Fortune’s technology newsletter

This snafu will likely confirm suspicions of traditional IT pros that companies should be wary of running business software off site in Amazon Web Services (AMZN) or other cloud data centers. That’s a contention that has been roundly denied by cloud providers, which say they have more security expertise than most businesses. Their position is that security concerns are more pronounced when technology is run on-premises.

Another OneLogin customer told tech news site Motherboard that the OneLogin snafu is a “massive leak.”

In the blog post, OneLogin chief information security officer Alvaro Hoyos said an unknown party gained unauthorized access to OneLogin’s servers running in the United States. In a follow-up, Hoyos added that this party did so by obtaining a set of AWS keys and used them to gain access to the AWS application programming interface via another service provider. (An API is the technical term for the way applications talk to each other, and APIs allowing developers to hook up pre-written software components so they work together.)

While Amazon runs its computers and software under lock and key, tens of thousands of users use APIs to access Amazon services.

David Mytton, chief executive of London-based Server Density, a server monitoring company, cautioned against overreaction. “The cloud should be more secure because you outsource to experts who can invest so much more in security than you could,” he said.

“Nothing is 100% secure and running your own single sign-on system is probably more risky but at least it’s isolated to your own system. The issue is not just a breach of OneLogin itself but the fact they store credentials to log into so many systems for so many customers. They’re also not doing a good job on the crisis communication front which is disappointing. They should be explaining more about how their security works, what went wrong, how much they invested etc.”

Related: Experts Say It’s Time to Change the Password Rules

What this means is that the hacker may have accessed private, sensitive customer data. The irony that a software service built and sold as a way to provide security may have been used to access and steal data is not lost on those who are watching. “This is a catastrophe and the risk all the cloud naysayers were warning us about,” according to the customer who shared the OneLogin email with Fortune. He requested anonymity because he is not authorized to speak to the media.

Related: Google Exec Says Public Cloud is Safest Option

San Francisco-based OneLogin, claims more than 2,000 business customers in 44 countries, including Conde Nast, Pinterest, Yelp, and Zendesk. It competes with other companies that provide password and identity management like Okta (OKTA) and Ping Identity. Google and Microsoft also offer similar services.

Fortune contacted OneLogin for comment and will update this post upon response.

About the Author
Barb Darrow
By Barb Darrow
See full bioRight Arrow Button Icon
Add Fortune on Google for similar content.

Latest in Tech

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025

Most Popular

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Fortune Secondary Logo
Rankings
  • 100 Best Companies
  • Fortune 500
  • Global 500
  • Fortune 500 Europe
  • Most Powerful Women
  • World's Most Admired Companies
  • See All Rankings
  • Lists Calendar
Sections
  • Finance
  • Fortune Crypto
  • Features
  • Leadership
  • Health
  • Commentary
  • Success
  • Retail
  • Mpw
  • Tech
  • Lifestyle
  • CEO Initiative
  • Asia
  • Politics
  • Conferences
  • Europe
  • Newsletters
  • Personal Finance
  • Environment
  • Magazine
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Fortune Brand Studio
  • Fortune Analytics
  • Fortune Conferences
  • Business Development
  • Group Subscriptions
About Us
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • Facebook icon
  • Twitter icon
  • LinkedIn icon
  • Instagram icon
  • Pinterest icon

Latest in Tech

a man having chair still by the window in the office
EconomyLabor
Labor force participation falls to 61.5%, the lowest in 50 years outside COVID, and economists say it’s not just people giving up
By Catherina GioinoJuly 8, 2026
5 hours ago
Man in collared shirt and jacket
Big TechAmazon
Amazon’s $25 billion ‘surprise’ bond sale dangled extra yield to lure in buyers—and flashed a warning sign about the AI boom
By Amanda GerutJuly 8, 2026
7 hours ago
Bezos’ Blue Origin is raising outside capital for the first time to compete for NASA contracts as rival SpaceX’s stock falters
InvestingJeff Bezos
Bezos’ Blue Origin is raising outside capital for the first time to compete for NASA contracts as rival SpaceX’s stock falters
By Mia OsmonbekovJuly 8, 2026
8 hours ago
Cathie Wood just bought the SpaceX dip again—and dumped Alibaba to do it
InvestingCathie Wood
Cathie Wood just bought the SpaceX dip again—and dumped Alibaba to do it
By Marco Quiroz-GutierrezJuly 8, 2026
8 hours ago
How Qualcomm’s CIO is placing big bets on AI to support the chip company’s diversification push
NewslettersCIO Intelligence
How Qualcomm’s CIO is placing big bets on AI to support the chip company’s diversification push
By John KellJuly 8, 2026
8 hours ago
Jonathan Bensamoun (right) sits on a stool next to his German Shepherd
InnovationPet Tech
Exclusive: Fi is bringing Starlink satellite technology to dog collars
By Lily Mae LazarusJuly 8, 2026
9 hours ago

Most Popular

Iran strikes 85 U.S. military sites in the Gulf, sparking a global selloff in stocks and a spike in the price of oil
Newsletters
Iran strikes 85 U.S. military sites in the Gulf, sparking a global selloff in stocks and a spike in the price of oil
By Jim EdwardsJuly 8, 2026
16 hours ago
Ex-PepsiCo CEO Indra Nooyi worked from midnight until 5 a.m. as a receptionist to pay for her Yale degree—and she says ‘respect went up’ because of it
Success
Ex-PepsiCo CEO Indra Nooyi worked from midnight until 5 a.m. as a receptionist to pay for her Yale degree—and she says ‘respect went up’ because of it
By Preston ForeJuly 6, 2026
2 days ago
Shark Tank's Kevin O'Leary says if he were 25 today, he'd chase these two booming opportunities in the world of AI
AI
Shark Tank's Kevin O'Leary says if he were 25 today, he'd chase these two booming opportunities in the world of AI
By Marco Quiroz-GutierrezJuly 5, 2026
4 days ago
Current price of oil as of July 8, 2026
Personal Finance
Current price of oil as of July 8, 2026
By Joseph HostetlerJuly 8, 2026
14 hours ago
Billionaires John and Laura Arnold have already donated nearly half their wealth. Now they're funding a hunt for the health risks of sports betting
Success
Billionaires John and Laura Arnold have already donated nearly half their wealth. Now they're funding a hunt for the health risks of sports betting
By Sydney LakeJuly 8, 2026
19 hours ago
$25 billion CEO says one-hour interviews are a waste of time—he puts candidates through six hours of tests and wants them to order wine at lunch
Success
$25 billion CEO says one-hour interviews are a waste of time—he puts candidates through six hours of tests and wants them to order wine at lunch
By Orianna Rosa RoyleJuly 3, 2026
6 days ago

© 2026 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.