OneLogin Breach: API Key Flaw Exposes Sensitive OIDC Data

Executive Summary

In October 2025, OneLogin, a leading identity and access management provider, fell victim to a significant data breach that has sent shockwaves through the cybersecurity landscape. The breach was triggered by a flaw in the management of API keys, which led to the exposure of sensitive OpenID Connect (OIDC) secrets. This incident primarily impacted enterprise customers, raising serious concerns about the security of cloud-based identity management solutions. As organizations depend more on such services, the scale of this breach serves as a critical reminder of the vulnerabilities that exist in API security and data protection. The compromised credentials could potentially allow unauthorized access to sensitive systems, amplifying the risk of further security incidents.

 Read the full breach analysis from NHI Mgmt Group here

Key Details

Breach Timeline

• The breach was discovered in early October 2025, following reports of unusual activities within the OneLogin system.
• Upon investigation, it was revealed that the root cause was a misconfigured API key that allowed unauthorized access.
• OneLogin promptly notified its customers and initiated a security response to mitigate the risks.

Data Compromised

• Compromised data included sensitive OIDC secrets and authentication tokens used by clients to manage user identities.
• Access to these credentials could potentially allow attackers to impersonate users and gain unauthorized access to linked applications.

Impact Assessment

• Enterprise clients faced significant risks, including potential data breaches and unauthorized access to sensitive information.
• The breach raised concerns about trust and reliability in cloud-based identity services, impacting OneLogin’s reputation.

Company Response

• OneLogin implemented immediate security measures, including a review of API key management practices and enhanced monitoring protocols.
• Customers were advised to rotate their API keys and review access logs for any suspicious activity.

Security Implications

• This incident highlights the critical need for robust API security measures and best practices in managing authentication secrets.
• Organizations are urged to adopt multi-factor authentication and regular audits to prevent similar breaches in the future.

 If you want to learn more about how to secure NHIs including AI Agents, check our NHI Foundational Training Course.