The title basically says it all as this is a sentence that shouldn't be possible.
I'm an 1Password administrator in an organization and when I looked at the Activity Log view on the the 1Password website (my-organization.1password.eu/activity-log) to look for an action of a different user, I saw that the 5th entry ever was:
gave a group access to a vault
And because I know that, as an administrator, I can see all vaults expect their private vault, I realized the "vault" can only be their private vault.
I verified this by looking and my own Activity Log because I obviously have rights to my own private vault and as expected I saw:
gave a group access to their vault Private
With the word "Private" being linked to the URL of my private vault.
This seems to be generated by an automated action during account initialization, as it's logged in the same second and directly after the
gave themselves access to their vault Private
joined the account
But what is happening here? What group can this be and why is this logged? Giving group access to my own private vault is a contradiction in itself and is a sentence that shouldn't be written anywhere. In the best case is this activity log very misleading, in the worst case is this a security breach to the private vault.
1Password Version: 1264
Extension Version: Not Provided
OS Version: Not Provided