by sofixa 253 days ago
I don't see any mention of a critical remediation step - ensuring there are no credentials in their documentation.

Notion being a SaaS, there is always a risk of some misconfiguration or breach leaking the information from it.

2 comments

Indeed... The security breach is already a few days old, and the white hat hacker has informed many major newspapers about it and sent them an incident report. According to these media outlets, several credentials were stored in plain text in the knowledge base, which allowed the white hat access to other services.
My first thought too. It's not that hard to use an enterprise password manager.
Or a generic secrets manager. Software that can scan your code repos / knowledge bases for exposed secrets is also plentiful.

There is no good reason to keep secrets in clear text in a doc/code repo/knowledge base.
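
The kind of scan mentioned in the thread, as an added example that is not part of any comment above: a minimal checker run over exported knowledge-base pages that reports only masked values. The page names, sample contents and the three detection rules are constructed assumptions, not any real tool's rule set.

```python
import math
import re

# Constructed sample export of two knowledge-base pages (no real data).
PAGES = {
    "onboarding.md": "Welcome!\nVPN portal: https://vpn.example.test\nAsk IT for access.",
    "runbook-db.md": (
        "Restart procedure\n"
        "db password: Tr0ub4dor&3-staging\n"
        "export AWS_ACCESS_KEY_ID=AKIAABCDEFGHIJKLMNOP\n"
        "api_token = 9f8a7b6c5d4e3f2a1b0c9d8e7f6a5b4c\n"
        "password: ************\n"
    ),
}

# Illustrative rules (assumptions); group 1 is the suspected secret.
RULES = [
    ("aws-access-key-id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("private-key-block", re.compile(r"(-----BEGIN [A-Z ]*PRIVATE KEY-----)")),
    ("keyword-assignment", re.compile(
        r"(?<![a-z])(?:password|passwd|secret|token|api[_-]?key)"
        r"[\w ]{0,20}?\s*[:=]\s*(\S{8,})", re.I)),
]

def entropy(s):
    """Shannon entropy in bits per character."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def scan(pages, min_entropy=3.0):
    """Return (page, line number, rule, masked value) for each suspected secret."""
    findings = []
    for name, text in pages.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for rule, pattern in RULES:
                m = pattern.search(line)
                if not m:
                    continue
                value = m.group(1)
                # Skip masked placeholders such as ******** or xxxxxxxx.
                if rule == "keyword-assignment" and entropy(value) < min_entropy:
                    continue
                masked = value[:4] + "*" * (len(value) - 4)  # never echo the secret
                findings.append((name, lineno, rule, masked))
    return findings

if __name__ == "__main__":
    for page, lineno, rule, masked in scan(PAGES):
        print(f"{page}:{lineno}: {rule}: {masked}")
```
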