What's that?
http://www.theregister.co.uk/2016/08/31/onelogin_breached_hacker_finds_cleartext_credential_notepads/
And for LastPass:
http://www.theregister.co.uk/2016/07/27/zero_day_hole_can_pwn_millions_of_lastpass_users_who_visit_a_site/
This hole was discovered by a Google researcher. It is unknown if it was exploited before it was patched.
For any cloud based stuff, IMO, the more vulture capitalists are involved, the more untrustworthy the product as extracting money becomes the dominant concern.
http://www.theregister.co.uk/2016/08/31/onelogin_breached_hacker_finds_cleartext_credential_notepads/
The online credential manager says its Secure Notes facility was breached, allowing the intruder to read in cleartext notes edited between 2 June and 25 August this year.
Some 12 million customers use OneLogin.
It could be a dangerous breach for those affected. OneLogin suggests Secure Notes can be used to hold "information such as license keys and firewall passwords" making the stolen data a gift for network exploitation and lateral movement, should IT folks heed the advice and store sensitive credentials in the service.
And for LastPass:
http://www.theregister.co.uk/2016/07/27/zero_day_hole_can_pwn_millions_of_lastpass_users_who_visit_a_site/
This hole was discovered by a Google researcher. It is unknown if it was exploited before it was patched.
For any cloud based stuff, IMO, the more vulture capitalists are involved, the more untrustworthy the product as extracting money becomes the dominant concern.