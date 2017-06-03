Password manager and single sign-on provider OneLogin has been hacked, the company has confirmed.

According to a statement by OneLogin CISO Alvaro Hoyos, it “detected unauthorized access to OneLogin data in our United States data region” yesterday, and blocked the unauthorized access, reported the matter to law enforcement, and was working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident.

While a data breach is one thing, The Register reports it has been sent emails by OneLogin users that notes the data has not only been compromised, but the cyber criminals also have the got hold of the ability to decrypt it has as well. The rest of the blog post is thin on details and includes nothing about customer data being impacted, or how some data could be decrypted.

But questions remain over how the hackers had access to data that could be decrypted in the first place.

OneLogin has pointed customers to a support page that instructs them on how to deal with the breach, including having users change their passwords, creating new certificates, and creating new OAuth tokens. It’s thought that the company has millions of users serving more than 2,000 companies in dozens of countries, according to CrunchBase.

OneLogin didn’t immediately respond to questions.