| If you're a OneLogin customer trying to figure out what you're supposed to do now, this is what you're supposed to do: https://support.onelogin.com/hc/en-us/articles/115002695483?... (A logged-out and "won't be updated" version: https://pastebin.com/2eAtMyEv) Take special note of the "secure notes" feature. Do your engineers store infrastructure secrets (like AWS Access Keys / Secrets) within it? The instructions indicate that these "Secure Notes" are likely compromised and an adversary has the ability to decrypt them. If your answer was yes, a bad guy has easy access to your environment. Additionally, if you're feeling extra cautious, you should look into malicious activity within any dashboards or logs provided by apps you authenticate with OL into. For instance, any sort of "recent logins" feature. Lastly: It's sort of unclear to me what the exposure for any potentially leaked multifactor integrations might be. For instance, a DUO integration + secret key, if they leaked, and if a credential roll for MFA integrations needs to happen. |