Gluu Blog


OneLogin breach exposed the ability to decrypt data

Mike S. June 2, 2017

Today news broke that OneLogin, a software-as-a-service (“SaaS”) identity provider, has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data.

Read the Krebs on Security article discussing the breach.

This is a nightmare scenario we’ve been talking about for years at Gluu.

In fact, it’s one of the main reasons we have avoided creating a SaaS offering for the Gluu Server.

A SaaS brimming with PII is a huge target.

Even worse, OneLogin’s customers will never have the opportunity to perform their own forensic analysis to determine how their data was affected.

We understand how challenging it can be to manage on-prem software. And to be frank, some services just aren't worth hosting yourself.

But your authentication service is your keys to the kingdom.

When its security is compromised, it is devastating.

This is not to say that on-prem systems are immune from breaches. Clearly they are not.

But attacks against on-prem systems have to be specifically targeted at you or your organization. And when you control the system, you have remediation options that can be acted upon immediately (without approval from a 3rd party).

The threat of digital breaches is more real than ever, and a large share of reported breaches trace back to stolen or weak credentials and poor access controls.

Let this be the alarm you need to force a serious evaluation of your security practices.

Our recommendations?

  • Host your own central authentication service using the Gluu Server, and use strong authentication everywhere;
  • Protect critical web resources with U2F authentication. A U2F token signs a server challenge together with the origin the browser actually connected to, so a response captured by a look-alike site or a relaying proxy is rejected by the real service; this is what makes it resistant to phishing-style man-in-the-middle attacks, unlike one-time codes or push approvals, which an attacker can relay in real time;
  • Use strong, random and different passwords at all of your most critical services.
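To make the U2F point concrete, here is an added worked example of the origin binding that does the work; it is illustrative code written for this post, not Gluu Server code and not a production U2F library. It simulates a token (a P-256 key plus use counter), the client data a browser signs over, and the relying-party checks, then plays three scenarios: a legitimate login, a replay, and a phishing relay where the victim is on a look-alike domain. The app ID, origins and challenge strings are made up. In a real browser the facet check would already refuse to let a foreign origin use the real app ID; the example assumes the worst case where the token signs anyway, and shows the server still rejects it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// ClientData is what the browser hands the token to sign. The browser, not
// page script, fills in Origin, so a look-alike site always appears as itself.
type ClientData struct {
	Typ       string `json:"typ"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// SignedBytes builds what a U2F token signs during authentication:
// sha256(appID) || userPresence || counter (4-byte big endian) || sha256(clientDataJSON).
func SignedBytes(appID string, presence byte, counter uint32, clientDataJSON []byte) []byte {
	appHash := sha256.Sum256([]byte(appID))
	cdHash := sha256.Sum256(clientDataJSON)
	var ctr [4]byte
	binary.BigEndian.PutUint32(ctr[:], counter)
	out := make([]byte, 0, 69)
	out = append(out, appHash[:]...)
	out = append(out, presence)
	out = append(out, ctr[:]...)
	return append(out, cdHash[:]...)
}

// Token simulates the authenticator: a private key that never leaves the
// device and a monotonically increasing counter. It never sees a password.
type Token struct {
	priv    *ecdsa.PrivateKey
	counter uint32
}

func NewToken() (*Token, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Token{priv: priv}, nil
}

func (t *Token) Authenticate(appID string, clientDataJSON []byte) ([]byte, uint32, error) {
	t.counter++
	digest := sha256.Sum256(SignedBytes(appID, 1, t.counter, clientDataJSON))
	sig, err := ecdsa.SignASN1(rand.Reader, t.priv, digest[:])
	return sig, t.counter, err
}

// RelyingParty holds what the server stored at registration (public key,
// last counter) plus the challenge it is currently waiting for.
type RelyingParty struct {
	AppID, Origin    string
	pub              *ecdsa.PublicKey
	lastCounter      uint32
	pendingChallenge string
}

// Verify is the server-side check: challenge, origin, signature, counter.
func (rp *RelyingParty) Verify(clientDataJSON, sig []byte, counter uint32) error {
	var cd ClientData
	if err := json.Unmarshal(clientDataJSON, &cd); err != nil {
		return err
	}
	if cd.Typ != "navigator.id.getAssertion" {
		return errors.New("unexpected client data type")
	}
	if cd.Challenge != rp.pendingChallenge {
		return errors.New("challenge mismatch (stale or replayed response)")
	}
	if cd.Origin != rp.Origin { // the man-in-the-middle defence
		return fmt.Errorf("origin mismatch: signed for %q, expected %q", cd.Origin, rp.Origin)
	}
	digest := sha256.Sum256(SignedBytes(rp.AppID, 1, counter, clientDataJSON))
	if !ecdsa.VerifyASN1(rp.pub, digest[:], sig) {
		return errors.New("invalid signature")
	}
	if counter <= rp.lastCounter {
		return errors.New("counter did not increase (replay or cloned token)")
	}
	rp.lastCounter, rp.pendingChallenge = counter, "" // challenge is single use
	return nil
}

// Outcome holds the result of each scenario (nil means the login was accepted).
type Outcome struct{ Legit, Replay, Phish error }

// RunScenario plays a legitimate login, a replay, and a phishing relay.
// All identifiers below are made up for the example.
func RunScenario() (Outcome, error) {
	tok, err := NewToken()
	if err != nil {
		return Outcome{}, err
	}
	rp := &RelyingParty{AppID: "https://login.example.com", Origin: "https://login.example.com", pub: &tok.priv.PublicKey}
	var o Outcome
	rp.pendingChallenge = "challenge-1"
	cd, _ := json.Marshal(ClientData{Typ: "navigator.id.getAssertion", Challenge: "challenge-1", Origin: rp.Origin})
	sig, ctr, _ := tok.Authenticate(rp.AppID, cd)
	o.Legit = rp.Verify(cd, sig, ctr)
	rp.pendingChallenge = "challenge-1" // careless server reissues the challenge; counter still catches the replay
	o.Replay = rp.Verify(cd, sig, ctr)
	rp.pendingChallenge = "challenge-2" // attacker relays this real challenge to a victim on a look-alike domain
	cdPhish, _ := json.Marshal(ClientData{Typ: "navigator.id.getAssertion", Challenge: "challenge-2", Origin: "https://login-example.com.evil.net"})
	sigP, ctrP, _ := tok.Authenticate(rp.AppID, cdPhish)
	o.Phish = rp.Verify(cdPhish, sigP, ctrP)
	return o, nil
}

func main() {
	o, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("legit:", o.Legit, "\nreplay:", o.Replay, "\nphish:", o.Phish)
}
```

The relayed response in the third scenario carries a perfectly valid signature; it fails only because the browser wrote the attacker's origin into the signed client data. That is the property a relayed one-time code does not have, and it is why the server must compare the origin against an exact expected value rather than, say, a substring match.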

If you’d like to discuss your security requirements, we are always available.

Just schedule a call.

Thanks, and stay secure!


Mike Schwartz

Mike has been an entrepreneur and identity specialist for more than two decades. He is the technical and business visionary behind Gluu. Mike is an application security expert and has been a featured speaker at RSA Conference, Gartner Catalyst, Cloud Identity Summit (now "Identiverse") and many other security conferences around the world.