The widely used password manager OneLogin experienced a security breach that exposed its users' notes over the course of a month or more. The breach exposed notes from the app's Secure Notes feature. The notes are encrypted, but a hacker was able to view them in plain text via log files before the log files were deleted.
OneLogin has analyzed the intrusion and places the breach between June 2nd and July 24th. It has sent notifications to its users warning them that the application's "Secure Notes" feature has been compromised and describing the steps it is taking to fix the issues, as well as any support it can give to users.
Unfortunately, many users use the notes section for password hints or other sensitive information concerning their accounts. Information of this sort should NEVER be logged, and OneLogin has acknowledged its mistakes.
Adding salt to the wound, OneLogin discovered that it was an employee's weak password that allowed the breach.