OneLog Update:
Login services available again

Dear Customer

OneLog – the login tool used by Swiss media and publishing houses and a joint venture between CH Media, NZZ, Ringier and TX Group – is available again.

As part of the restoration of the OneLog platform, users are automatically prompted to set a new password during the login process when they log in to OneLog on the websites of the respective brands (e.g. Blick). The user will then receive a password reset email from OneLog.

Beware of phishing: OneLog will not send users a request to reset their password by email unless they have actively initiated the login process. This also applies to the individual media brands and other partners (e.g. JobCloud) that use OneLog.

As always, users should choose a unique, strong password for each application and service. This is the only way to ensure that other accounts remain secure even if a single password is compromised - something that remains unproven in the case of OneLog. Rather, OneLog assumes an act of cyber sabotage; the investigation into the cyber sabotage is being carried out with the help of the relevant authorities.

Those affected can send questions about data protection to the OneLog data protection office at datenschutz@onelog.ch.

OneLog is committed to providing its users with a stable and trusted environment. OneLog regrets any inconvenience caused to its users.

Updates

Press release from 23 Dec 2024

Q&A

The most important points

  • Type of attack:
    OneLog assumes a sabotage attack, not a theft or unauthorized access (exfiltration) of data.
  • Personal data:
    There is currently no evidence that personal data, including personal information or passwords, has been stolen. OneLog does not manage sensitive data such as credit card details or CV information.
  • Platform functionality:
    The sabotage attack affected the functionality of the platform, resulting in a temporary interruption of login and registration services. The OneLog systems are available again as of November 4, 2024.

Our recommendations

  • Although there is currently no indication that passwords of OneLog users have been compromised, OneLog recommends changing the password used on OneLog as a precautionary measure, especially if the same password is also used on other platforms.
  • Beware of phishing attempts (e.g. by opportunists): OneLog does not send password change emails without the user actively logging in.
  • OneLog will only send a password reset email if the user has actively requested it. If the user receives such a request unsolicited, this is a phishing attempt. An unsolicited e-mail should be deleted immediately.
  • Some of our partners (e.g. Blick, Handelszeitung and Beobachter) have also informed their users directly about the re-availability of OneLog and about the further process.
  • If you have any questions about data protection, please contact the OneLog data protection office at datenschutz@onelog.ch or the data protection offices of the respective media and partner brands.

About the incident

  • OneLog currently believes this to be an act of sabotage. There is currently no indication that any personal data, including personal information or passwords, has been stolen.
  • OneLog did not have any sensitive data such as credit card details or CV information. No data from the subscription or payment systems was replicated in OneLog's systems either. What OneLog manages is login data (with passwords stored as hash values with special protection), logs and, depending on the partner and in a minority of cases, additional data such as a date of birth recorded during registration or an address for participation in a competition.
  • Against the background of ongoing investigations, OneLog has regularly provided information and carefully considered what information should be made public. This was - and still is - necessary so as not to give the suspected perpetrators valuable details from the investigation work or to give information to opportunists (e.g. for phishing attacks). For this reason, for example, no detailed information can be provided on the encryption algorithm used for the data and passwords or on what conclusions can be drawn from the logs. The restoration of the OneLog service and the integrity of the investigation will always be our first priority.
  • As has been the case since OneLog was founded, OneLog is in contact with the EDÖB now as well (in addition to law enforcement and other authorities).
  • OneLog partners such as Blick, Handelszeitung and Beobachter have informed their users directly that the OneLog service is available again and what users need to do to set a new password. This has worked well so far. A direct e-mail to all users registered with OneLog was not sent, because such a mass e-mail would have led to a partial blocking of the sender's address and password resets would no longer have worked there. OneLog therefore decided not to do this.
  • OneLog uses extensive security measures to ensure the protection of user data. These include modern methods such as data encryption, multi-factor authentication, regular backups and audit trails to ensure that all activities are logged in a traceable manner. There are also guidelines on password complexity and continuous monitoring, including audits by independent third parties.
  • To further strengthen security, OneLog operates a bug bounty program that invites external security experts to identify and report potential vulnerabilities at an early stage.
  • Despite these measures, there is always a residual risk in the digital world, as cyber threats and attack techniques are constantly evolving and no system is completely invulnerable. In the case of OneLog, an act of cyber sabotage is suspected, with the presumed aim of deliberately causing damage to the digital infrastructure that would affect the functionality of the login tool. Without going into detail here, the case does not fit the classic pattern of otherwise known ransomware attacks, according to the information available to date.