Hard Rock Hotels & Casinos alongside Loews Hotels have warned customers that a security failure may have resulted in the theft of their information . Both incidents appear to have been linked to a third-party reservation platform , SynXis , which only begun informing client hotels of the security breach in June , months after the attacks took place . Hard Rock Hotels & Casinos issued a statement informing customers of the data breach Attack.Databreach last week , which took place due to the Sabre Hospitality Solutions SynXis third-party reservation system . The hotel chain , which operates 176 cafes , 24 hotels and 11 casinos in 75 countries , said SynXis , the backbone infrastructure for reservations made through hotels and travel agencies , provided the avenue for data theft Attack.Databreach and the exposure Attack.Databreach of customer information . `` The unauthorized party first obtained access Attack.Databreach to payment card and other reservation information on August 10 , 2016 , '' the hotel chain said. `` The last access Attack.Databreach to payment card information was on March 9 , 2017 . '' Hard Rock Hotel & Casino properties in Biloxi , Cancun , Chicago , Goa , Las Vegas , Palm Springs , Panama Megapolis , Punta Cana , Rivera Maya , San Diego and Vallarta are all affected . According to Sabre , an `` unauthorized party gained access Attack.Databreach to account credentials that permitted unauthorized access Attack.Databreach to payment card information , as well as certain reservation information '' for a `` subset '' of reservations . The attacker was able to grab Attack.Databreach unencrypted payment card information for hotel reservations , including cardholder names , card numbers , and expiration dates . In some cases , security codes were also exposed Attack.Databreach , alongside guest names , email addresses , phone numbers , and addresses . In May , Sabre said an investigation into a possible breach was underway . In a quarterly SEC filing , the company said , `` unauthorized access has been shut off , and there is no evidence of continued unauthorized activity at this time . '' While Sabre has not revealed exactly how the system was breached , the company has hired third-party cybersecurity firm Mandiant to investigate . Loews Hotels also appears to be a victim of the same security failure . According to NBC , Sabre was also at fault and cyberattackers were able to slurp Attack.Databreach credit card , security code , and password information through the booking portal . In some cases , email addresses , phone numbers , and street addresses were also allegedly exposed Attack.Databreach . According to Sabre , its software is used by roughly 36,000 hotel properties . `` Not all reservations that were viewed included the payment card security code , as a large percentage of bookings were made without a security code being provided , '' Sabre said in a statement . `` Others were processed using virtual card numbers in lieu of consumer credit cards . Sabre has notified law enforcement and the credit card brands as part of our investigation . '' If you stayed in one of these properties on the dates mentioned above , you may be at risk of identity theft should the attackers choose to sell their stolen cache of data . Sabre suggests signing up for a free credit report -- available to US consumers once a year for free -- and notify their bank of any stolen activity . However , no compensation has yet been made available . These hotel chains are far from the only ones that have suffered a data breach Attack.Databreach in recent years . Back in April , InterContinental admitted that a data breach Attack.Databreach first believed to be isolated to 12 properties actually harmed roughly 1,200 , resulting in the exposure Attack.Databreach of customer credit card data .

OneLogin has revealed more about the attack Attack.Databreach on its systems , confirming that a `` threat actor '' had accessed Attack.Databreach database tables including `` information about users , apps , and various types of keys . '' It warned once again that the malefactor , who was able to rifle through OneLogin 's infrastructure for seven hours , may have been able to decrypt customer data . The company said : Our review has shown that a threat actor obtained access Attack.Databreach to a set of AWS keys and used them to access the AWS API from an intermediate host with another , smaller service provider in the US . Evidence shows the attack started on May 31 , 2017 around 2 am PST . Through the AWS API , the actor created several instances in our infrastructure to do reconnaissance . OneLogin staff was alerted of unusual database activity around 9 am PST and within minutes shut down the affected instance as well as the AWS keys that were used to create it . One customer affected by the OneLogin attack told Ars that he was having to `` rebuild the whole authentication security system ... OUCH ! '' OneLogin told fretful customers in an internal notification that they would need to work through a number of steps to secure their accounts , including generation of new API credentials and OAuth tokens . Any users served by the firm 's US data centre have been hit by the breach , OneLogin said . `` While we encrypt certain sensitive data at rest , at this time we can not rule out the possibility that the threat actor also obtained Attack.Databreach the ability to decrypt data , '' OneLogin said . `` We are thus erring on the side of caution and recommending actions our customers should take , which we have already communicated to our customers . '' OneLogin has admitted that the single sign-on ( SSO ) and identity management firm has suffered a data breach Attack.Databreach . However its public statement is vague about the nature of the attack . An e-mail to customers provides a bit of detail—warning them that their data may have been exposed . And a support page that is only accessible to OneLogin account holders is even more worrying for customers . It apparently says that `` customer data was compromised Attack.Databreach , including the ability to decrypt encrypted data . '' OneLogin—which claims to offer a service that `` secures connections across all users , all devices , and every application '' —said on Thursday that it had `` detected unauthorised access '' in the company 's US data region . It added in the post penned by OneLogin CISO Alvaro Hoyos : We have since blocked this unauthorised access , reported the matter to law enforcement , and are working with an independent security firm to determine how the unauthorised access happened and verify the extent of the impact of this incident . We want our customers to know that the trust they have placed in us is paramount . While our investigation is still ongoing , we have already reached out to impacted customers with specific recommended remediation steps and are actively working to determine how best to prevent such an incident from occurring in the future and will update our customers as these improvements are implemented . It has given customers a long list of actions to protect their accounts following the attack . It 's unclear why it is that OneLogin has provided three different sets of information to its customers . It 's possible the company was hoping to only disclose more detail to those directly affected by the attack to avoid revealing potential weaknesses that may have exposed the data in the first place . But that attempt to keep the information under wraps has clearly backfired as customers scramble to secure their accounts . This is the second data breach Attack.Databreach that OneLogin has suffered within the past year . Last August it warned customers of a cleartext login bug on its Secure Notes service , after `` an unauthorised user gained access to one of our standalone systems , which we use for log storage and analytics . '' Hoyos apologised for that particular breach . `` We are making every effort to prevent any similar occurrence in the future , '' he said at the time .

OneLogin , an online service that lets users manage logins to sites and apps from a single platform , says it has suffered a security breach Attack.Databreach in which customer data was compromised Attack.Databreach , including the ability to decrypt encrypted data . Headquartered in San Francisco , OneLogin provides single sign-on and identity management for cloud-base applications . OneLogin counts among its customers some 2,000 companies in 44 countries , over 300 app vendors and more than 70 software-as-a-service providers . A breach Attack.Databreach that allowed intruders to decrypt customer data could be extremely damaging for affected customers . After OneLogin customers sign into their account , the service takes care of remembering and supplying the customer ’ s usernames and passwords for all of their other applications . In a brief blog post Wednesday , OneLogin chief information security officer Alvaro Hoyos wrote that the company detected unauthorized access Attack.Databreach to OneLogin data . “ Today we detected unauthorized access Attack.Databreach to OneLogin data in our US data region . We have since blocked this unauthorized access , reported the matter to law enforcement , and are working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident . We want our customers to know that the trust they have placed in us is paramount. ” “ While our investigation is still ongoing , we have already reached out to impacted customers with specific recommended remediation steps and are actively working to determine how best to prevent such an incident from occurring in the future and will update our customers as these improvements are implemented. ” OneLogin ’ s blog post includes no other details , aside from a reference to the company ’ s compliance page . The company has not yet responded to request for comment . However , Motherboard has obtained a copy of a message OneLogin reportedly sent to its customers about the incident , and that missive contains a critical piece of information : “ Customer data was compromised Attack.Databreach , including the ability to decrypt encrypted data , ” reads the message OneLogin sent to customers . According to Motherboard , the message also directed customers to a list of required steps to minimize any damage from the breach , such as generating new API keys and OAuth tokens ( OAuth being a system for logging into accounts ) , creating new security certificates as well as credentials ; recycling any secrets stored in OneLogin ’ s Secure Notes feature ; and having end-users update their passwords . Gartner Inc. financial fraud analyst Avivah Litan said she has long discouraged companies from using cloud-based single sign-on services , arguing that they are the digital equivalent to an organization putting all of its eggs in one basket . “ It ’ s just such a massive single point of failure , ” Litan said . “ And this breach shows that other [ cloud-based single sign-on ] services are vulnerable , too . This is a big deal and it ’ s disruptive for victim customers , because they have to now change the inner guts of their authentication systems and there ’ s a lot of employee inconvenience while that ’ s going on. ” KrebsOnSecurity will likely update this story throughout the day as more details become available . “ Our review has shown that a threat actor obtained access Attack.Databreach to a set of AWS keys and used them to access the AWS API from an intermediate host with another , smaller service provider in the US . Evidence shows the attack started on May 31 , 2017 around 2 am PST . Through the AWS API , the actor created several instances in our infrastructure to do reconnaissance . OneLogin staff was alerted of unusual database activity around 9 am PST and within minutes shut down the affected instance as well as the AWS keys that were used to create it. ” “ The threat actor was able to access Attack.Databreach database tables that contain information about users , apps , and various types of keys . While we encrypt certain sensitive data at rest , at this time we can not rule out the possibility that the threat actor also obtained the ability to decrypt data . We are thus erring on the side of caution and recommending actions our customers should take , which we have already communicated to our customers . ”