This looks like a customer data leak and not a vault leak? Still an issue but not a reason to go rotate every password - or am I misreading?