Security credentials like usernames and passwords are a tempting target for hackers, and even the best password managers can come under threat from time to time. That was the case recently with the popular password manager 1Password, which recently disclosed (via Bleeping Computer) that its Okta support system was breached by malicious hackers.
Fortunately, it doesn’t appear that any customer data was stolen, so if you use 1Password, your login info should be safe for now. However, it’s always good to regularly update your passwords (or use passkeys) just in case they fall into the wrong hands.
In a blog post on its website, 1Password explained the situation. “We detected suspicious activity on our Okta instance related to their Support System incident,” 1Password said. “After a thorough investigation, we concluded that no 1Password user data was accessed.”
After detecting suspicious activity on September 29, 1Password “immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing.”
The link with Okta is interesting because it reveals a key vulnerability. Okta helps companies manage their users and ensure everyone can log in securely, and it also offers support for this process. As part of that, customers sometimes upload file archives to help diagnose problems, but these archives can contain sensitive data like session tokens and login data.
According to a detailed report from 1Password, a hacker stole a session cookie from a 1Password IT employee, then attempted to access the worker’s dashboard and request a list of admin users. Fortunately, the former action was blocked by Okta, while the second led to an automated email being sent to other 1Password admins, which alerted them to the breach.
While your login info is safe — no user data appears to have been accessed by the hacker — it shows just how easily seemingly secure systems can be breached by bad actors. In response to the incident, 1Password says it has reduced the number of “super admin” users, implemented tighter login rules for admins, and taken other measures.
Despite this episode, you should still pick one of the best password managers to keep your login data safe. After all, using an app to create and store unique passwords for you is far safer than using the same easily guessable login info for every account.
Related Posts
Microsoft has released an emergency Windows 11 update to fix crashing apps
Some of the problems were serious enough that Microsoft even advised certain users to uninstall the update altogether. Now, Microsoft has stepped in again with a second out-of-band update, aiming to finally steady the ship.
The rise of adaptive displays: How Lenovo is redefining productivity & play
"If you look at the history of displays, they have always been passive surfaces that simply rendered whatever the device sent to them," says George Toh, Vice President and General Manager of Lenovo’s Visual Business Unit. "What is changing now is that screens are becoming adaptive interfaces that react to what the user is doing in real time.”
Here’s what happened to your Gmail inbox over the weekend
Gmail features a sorting system that automatically moves fluff like newsletters, promos, and non-urgent updates into separate tabs, keeping your Primary inbox clean and focused on what matters. On Saturday morning, this system stopped working as expected. Instead of organizing emails, Gmail dumped all incoming emails into the main inbox, and some users even saw warnings that certain emails had not been scanned for spam.