A Microsoft engineer has uncovered a tiny flaw in the way 1Password manages user metadata in some setups, exposing user details along the way.

You can read the in-depth explanation of this entire 1Password (intentional) design flaw on Dale Myers' website, but we're also going to summarize it for you if you're not in the mood for technical blog posts at this time of day. Mr. Myers has found out that 1PasswordAnywhere, a 1Password feature that stores the user's accounts and passwords inside an HTML file on Dropbox accounts, only encrypts password data, but not the metadata for each account.