OneLogin Hacker?

[TrasMontano]

I' ve just read on a portuguese site that OneLogin has been hacked and that it is possible for hackers to discover/unencrypt login details.

Can anyone confirme and is LastPass secure?

Thanks

[Batu69]

Topic moved from software chat forum, suitable here to discussion about security and privacy issues.

 

[DKT27]

On 2/6/2017 at 4:36 AM, TrasMontano said:

I' ve just read on a portuguese site that OneLogin has been hacked and that it is possible for hackers to discover/unencrypt login details.

Can anyone confirme and is LastPass secure?

Thanks

 

Lastpass is owned by a similarly named, but not the same, company you have mentioned.

 

Also yes, that company is hacked, however, Lastpass is nowhere connected to it.

 

As for the Lastpass, I do not think it's safe to use Lastpass anymore - it actually never was, considering how many times it has been hacked before I think.

[TrasMontano]

I use two password manager, LastPass and Sticky Password.

This is the answer Sticky Password gave me:

Hi TrasMontano, a bit more info for you: OneLogin is a single-sign-on service. These types of services typically work on the basis that access to users’ decrypted credentials is required on their server in order to work across many sites - for that reason they must be able to decrypt credentials on the server side. So, if an attacker gets access to the servers, he may be able to get to decrypted data.
On the other hand, Sticky Password encrypts/decrypts your credentials only locally on your device - we use cloud servers only to sync encrypted credentials between your devices.  We’re not able, and neither is any attacker, to decrypt your data on the server. The encryption key is derived only on your device from your master password using strongest encryption algorithm available.