OneLogin confirmed this week an attacker took advantage of a bug in its system and was able to view sensitive notes, thought to be secure, posted by users.
Source: Threadpost