NEW YORK — Hackers have gained access to OneLogin, an online password manager that offers a single sign-on to multiple websites and services.

OneLogin said in a blog post that it couldn’t rule out the possibility that hackers got keys to reading encrypted data, such as stored passwords. Published reports, however, say OneLogin informed customers that the hackers indeed got that capability. OneLogin didn’t immediately respond to a request for comment.

Password managers help people keep track of passwords for a growing array of websites and services that require one. Instead of having to remember complex passwords for each one, people can just remember a master password. The password service then unlocks other accounts as needed.

Some security experts say that despite the risks of breaches with password managers, using one to keep track of multiple complex passwords is far better than repeatedly using the same ones at multiple sites.

In 2015, rival LastPass said hackers obtained some user information – although not actual passwords. It advised all users to change their LastPass master password. OneLogin focuses on corporate customers and lets employees of those companies access a range of services from Google, Microsoft, Amazon and others.


Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.