
OneLogin data breach, all users in US datacenter affected - Goopplesoft
https://support.onelogin.com/hc/en-us/articles/115002695483
======
jtchang
This is a huge deal. Depending on how deep the attackers got, it could be
considered a giant compromise of data at multiple companies. Imagine you had a
single password that could let you into any app a company is using internally.
Not only that, but that single password could be used for any account. That's
basically what it means when your identity provider is compromised. Not only
that, but it is really hard to tell if it was a legitimate login because the
assertions are perfectly valid.

If I were a company, I'd seriously reconsider outsourcing my identity provider.

