Skip to main content

Hackers targeted 1Password after Okta breach, but your logins are safe

Security credentials like usernames and passwords are a tempting target for hackers, and even the best password managers can come under threat from time to time. That was the case recently with the popular password manager 1Password, which recently disclosed (via Bleeping Computer) that its Okta support system was breached by malicious hackers.

Fortunately, it doesn’t appear that any customer data was stolen, so if you use 1Password, your login info should be safe for now. However, it’s always good to regularly update your passwords (or use passkeys) just in case they fall into the wrong hands.

A dark mystery hand typing on a laptop computer at night.
Andrew Brookes / Getty Images

In a blog post on its website, 1Password explained the situation. “We detected suspicious activity on our Okta instance related to their Support System incident,” 1Password said. “After a thorough investigation, we concluded that no 1Password user data was accessed.”

After detecting suspicious activity on September 29, 1Password “immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing.”

The Okta connection

A person using 1Password on a desktop all-in-one computer while sat at a desk. There are two laptops next to them on the desk.
1Password / AgileBits

The link with Okta is interesting because it reveals a key vulnerability. Okta helps companies manage their users and ensure everyone can log in securely, and it also offers support for this process. As part of that, customers sometimes upload file archives to help diagnose problems, but these archives can contain sensitive data like session tokens and login data.

According to a detailed report from 1Password, a hacker stole a session cookie from a 1Password IT employee, then attempted to access the worker’s dashboard and request a list of admin users. Fortunately, the former action was blocked by Okta, while the second led to an automated email being sent to other 1Password admins, which alerted them to the breach.

While your login info is safe — no user data appears to have been accessed by the hacker — it shows just how easily seemingly secure systems can be breached by bad actors. In response to the incident, 1Password says it has reduced the number of “super admin” users, implemented tighter login rules for admins, and taken other measures.

Despite this episode, you should still pick one of the best password managers to keep your login data safe. After all, using an app to create and store unique passwords for you is far safer than using the same easily guessable login info for every account.

Alex Blake
In ancient times, people like Alex would have been shunned for their nerdy ways and strange opinions on cheese. Today, he…
This massive exploit lets hackers breach apps like Chrome, 1Password, and Telegram
A dark mystery hand typing on a laptop computer at night.

A massive security bug has just been discovered that affects WebP images used in untold numbers of websites and apps, and it could potentially let hackers break into your computer and extract data from it. In fact, Google has already seen it being actively exploited in the wild. Because of that, it’s essential that you patch your computer as soon as possible.

The discovery has been detailed by researcher Alex Ivanovs, who wrote about the bug in a blog post. Right now, it seems to affect almost all of the best web browsers, including Chrome, Firefox, Edge, and Brave. WebP images are used all over the web, meaning huge numbers of sites and apps could be affected.

Read more
Hacker sent to jail for huge 2020 Twitter breach
A Twitter logo graphic.

A British man who took part in a high-profile Twitter hack in 2020 was handed a five-year jail term by a New York federal court on Friday.

Joseph O’Connor, 24, had pled guilty in May to four counts of computer hacking, wire fraud, and cyberstalking. He was also ordered to pay $794,000, the amount that he nabbed in the crypto crime.

Read more
Hackers may have stolen the master key to another password manager
keepass master password plain text vulnerability open padlock cybersecurity

The best password managers are meant to keep all your logins and credit card info safe and secure, but a major new vulnerability has just put users of the KeePass password manager at serious risk of being breached.

In fact, the exploit allows an attacker to steal a KeePass user’s master password in plain text -- in other words, in an unencrypted form -- simply by extracting it from the target computer’s memory. It’s a remarkably simple hack, yet one that could have worrying implications.

Read more