I don’t understand who is crazy enough to put a cloud frontend on a password store. Jewellery stores do not leave their stock in the window because it attracts thieves.
That incident was two-pronged. A bug in the system the company used for log storage and analytics caused all notes in Secure Notes to be stored in cleartext for one month. During that period, in an unrelated incident, an attacker successfully compromised the password of a OneLogin employee, something that allowed them access to the logging system where the notes were being saved.
Does anyone note the irony of a password management business having their passwords compromised
OneLogin Breach Compromised Customer Data, Ability to Decrypt Encrypted Data | Threatpost | The first stop for security news : https://threatpost.com/onelogin-breach-compromised-customer-data-ability-to-decrypt-encrypted-data/126007/