On October 23, 2023, 1Password’s CTO, Pedro Canahuati, disclosed the incident, stating that threat actors were unable to access or steal user data during the attack.
On October 24, 2023, 1Password disclosed (PDF) a security incident linked to the recent breach of Okta’s support system. A threat actor, using a stolen credential, obtained an IT employee’s Okta session token and used it to access 1Password’s Okta administrative portal.
While 1Password says that no user data was accessed during the incident, the incident highlights the importance of strong security practices for both Okta customers and password managers.
The latest security breach at Okta is the second cyberattack on the company. In March 2022, the LAPSUS$ hacking group claimed to have breached Okta and Microsoft, leaking a trove of their data on Telegram.
How the Okta Breach Impacted 1Password
Okta is a popular identity and access management (IAM) platform that helps organizations manage user access to their applications. On October 20, 2023, Okta disclosed that threat actors had gained access to its support systems and stolen authentication data for some of its customers.
1Password is one of the customers that was impacted by the Okta breach. On September 29, 1Password detected suspicious activity on its Okta instance. After a thorough investigation, 1Password concluded that a threat actor had used a stolen session token to access 1Password’s Okta administrative portal.
“Based on our initial assessment, we have no evidence that proves the actor accessed any systems outside of Okta. The activity that we saw suggested they conducted initial reconnaissance with the intent to remain undetected for the purpose of gathering information for a more sophisticated attack.” (Pedro Canahuati, CTO, 1Password)
What 1Password Is Doing to Mitigate the Impact of the Incident
1Password has taken a number of steps to mitigate the impact of the incident, including:
- Launching an investigation into the incident.
- Terminating the threat actor’s session immediately.
- Implementing stricter access controls for Okta users.
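The attack pattern above (a valid Okta session token replayed by someone other than the employee who started the session) and the first response step (terminating that session) can both be driven from Okta System Log data. The following is an added example, not code from the article, 1Password or Okta: it baselines each session on the client seen at `user.session.start`, flags later use of the same session from a different IP and user agent, rates admin-console access highest, and lists the sessions to revoke. The field names follow the System Log schema; the events themselves are constructed.

```python
# Added example (not from the article or from 1Password/Okta): flag an Okta session
# reused from a different client than the one that started it, the stolen-session-
# token pattern the article describes, and list the sessions to revoke.
# Field names follow the Okta System Log schema; the events below are constructed.
CONSTRUCTED_EVENTS = [
    {"eventType": "user.session.start", "published": "2023-09-29T08:00:00Z",
     "actor": {"alternateId": "it-admin@example.com"},
     "client": {"ipAddress": "203.0.113.10", "userAgent": "Mozilla/5.0 (Macintosh)"},
     "authenticationContext": {"externalSessionId": "sess-A"}},
    {"eventType": "user.session.access_admin_app", "published": "2023-09-29T08:05:00Z",
     "actor": {"alternateId": "it-admin@example.com"},
     "client": {"ipAddress": "203.0.113.10", "userAgent": "Mozilla/5.0 (Macintosh)"},
     "authenticationContext": {"externalSessionId": "sess-A"}},
    # Same session, different network and browser: the token is being replayed.
    {"eventType": "user.session.access_admin_app", "published": "2023-09-29T13:42:00Z",
     "actor": {"alternateId": "it-admin@example.com"},
     "client": {"ipAddress": "198.51.100.77", "userAgent": "Mozilla/5.0 (X11; Linux)"},
     "authenticationContext": {"externalSessionId": "sess-A"}},
]


def session_baseline(events):
    """Map each externalSessionId to the (ip, userAgent) seen at session start."""
    return {
        e["authenticationContext"]["externalSessionId"]:
            (e["client"]["ipAddress"], e["client"]["userAgent"])
        for e in events if e["eventType"] == "user.session.start"
    }


def find_session_reuse(events):
    """Return one alert per event whose session is used from a client fingerprint
    that differs from the session-start baseline. Admin-console access from such
    a session is rated high; anything else medium."""
    baseline = session_baseline(events)
    alerts = []
    for e in events:
        sid = e["authenticationContext"]["externalSessionId"]
        if sid not in baseline:
            continue  # no start event in this window; nothing to compare against
        fingerprint = (e["client"]["ipAddress"], e["client"]["userAgent"])
        if fingerprint != baseline[sid]:
            admin = e["eventType"] == "user.session.access_admin_app"
            alerts.append({"session": sid, "user": e["actor"]["alternateId"],
                           "event": e["eventType"], "from": fingerprint,
                           "severity": "high" if admin else "medium"})
    return alerts


def sessions_to_revoke(alerts):
    """Session IDs an operator should terminate (the first response step above)."""
    return sorted({a["session"] for a in alerts})
```

An IP change alone can be benign (roaming, VPN), so in production a baseline on network ASN or device-bound cookies produces fewer false positives than the exact IP-plus-user-agent match used here.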
What 1Password Users Can Do to Protect Their Accounts
1Password users can take the following steps to protect their accounts:
- Keep their 1Password app up to date.
- Change their 1Password password regularly.
- Use a strong, unique password for their 1Password account.
- Enable two-factor authentication for their 1Password account.
- Be careful about clicking on links in emails or messages from unknown senders.
What This Incident Means for IAM and Password Management Security
The 1Password incident highlights the importance of strong security practices for both IAM and password management platforms. IAM platforms like Okta need to implement robust security controls to protect their customers’ data. All password managers need to implement multi-factor authentication and other security measures to protect their users’ passwords.
Organizations that use Okta or other IAM platforms should review their security policies and procedures to ensure that they are taking all necessary precautions to protect their data. Organizations that use password managers should also review their security settings and enable multi-factor authentication for all users.