Staff breach at OneLogin exposes password storage feature | CSO

“…it appears the company wasn’t using multi-factor authentication for its own systems. OneLogin’s CISO Alvaro Hoyos said a bug in its software caused Secure Notes to be “visible in our logging system prior to being encrypted and stored in our database…”