Without getting complicated, OneLogin, Okta, Centrify, Microsoft, RSA SecureID Access, SalesForce App Cloud, and even more basic password managers store user identities, and login information. Using these services means that users only need to remember one password and all of their other logins are handled for them.
The most important thing about the OneLogin breach: It affects you and everyone else, not just the 2000 customers of OneLogin.
If you store information in the cloud, including information your customers entrust to you, and if your cloud provider uses OneLogin internally, then your sensitive information could possibly be accessible as well. Cloud based service providers you use every day might use identity management.
This is another example of how someone else’s breach can hurt you, including exposing your customers’ sensitive information.
The big question is: How long have attackers had access? Thank goodness OneLogin at least identified that they’d been breached. Are any other identity management firms breached and don’t yet realize it? What are attackers accessing around the world using stolen passwords?
Please forward this to anyone you know who may not realize that these single points of failure, holding login information for many services that even your service providers may use internally, are very attractive targets for attackers. One successful attack results in a goldmine of information, including yours.