Skip to main content

No, 1Password wasn’t hacked – here’s what really happened

Password managers have been struggling with security breaches in recent months, with LastPass suffering a particularly bad hack as a notable example. So when 1Password users got an alert last week saying their Secret Keys and passwords had been changed without their knowledge, they were understandably panicked. Luckily, all was not what it seemed.

That’s because AgileBits, the company behind 1Password, has just explained exactly what went wrong during that event. And while it wasn’t as bad as everyone first thought, it still doesn’t paint AgileBits in a particularly good light.

A person using the 1Password password manager on a laptop while sat on a couch.
1Password / AgileBits

In a blog post on the 1Password website, the company’s Chief Technology Officer (CTO) Pedro Canahuati explained that the incident occurred shortly after a period of planned maintenance was completed. After the maintenance work finished, “our service received an unexpected spike in sync requests from client devices to the servers,” Canahuati explained.

The CTO clarified that when that happened, “users erroneously received a message indicating that their Secret Key or password had changed.” More specifically, 1Password’s servers in the U.S. sent an error code to users’ apps, which those apps interpreted incorrectly, leading to the worrisome message.

So @1Password was undergoing maintenance, so the app wasn't connecting to the server. And it decided the best error message to show people was "your secret key or password was recently changed". 🤡🤡🤡

Bruh can you not give me a damn heart attack, thanks.

— ThioJoe (@thiojoe) April 28, 2023

Fortunately, Canahuati noted that no user passwords or Secret Keys had been changed and that all user data was safe throughout the incident. Still, it would no doubt have been an anxious period for many users as they wondered whether their passwords, credit card info, and other sensitive data had been compromised.

It also raises questions over how the 1Password app could have misinterpreted the error code they received. Canahuati said 1Password will analyze what went wrong, “refine our migration process and error handling,” and “ensure that we properly plan for these scenarios in the future.”

Password manager woes

A person using 1Password on a desktop all-in-one computer while sat at a desk. There are two laptops next to them on the desk.
1Password / AgileBits

The incident is not the first time a password manager has been on the hook for a security breach, real or otherwise. For the past few months, LastPass has been embroiled in a scandal surrounding a data breach it suffered, wherein user data appears to have been accessed and stolen by nefarious actors.

When news of the breach first surfaced, LastPass played it down, claiming there was nothing to worry about. Over time, however, the company revealed more and more damning information, leading to severe criticism of the way it handled the security failure.

Hopefully, we won’t see a similar situation play out with 1Password. Password managers are a lucrative target for hackers given the highly sensitive data they safeguard, and so any perceived lapse can cause a great deal of consternation among worried users.

If you want to tighten up your security, though, there are plenty of things you can do. We’ve analyzed the best password managers on the market to help you find the right one for your needs, and there are also ways to improve your passwords and keep your data safe. That should help keep your important data as safe as can be.

Editors' Recommendations

Alex Blake
In ancient times, people like Alex would have been shunned for their nerdy ways and strange opinions on cheese. Today, he…
LastPass reveals how it got hacked — and it’s not good news
A depiction of a hacker breaking into a system via the use of code.

Last year was a particularly bad one for password manager LastPass, as a series of hacking incidents revealed some serious weaknesses in its supposedly rock-solid security. Now, we know exactly how those attacks went down -- and the facts are pretty breathtaking.

It all began in August 2022, when LastPass revealed that a threat actor had stolen the app’s source code. In a second, subsequent attack, the hacker combined this data with information found in a separate data breach, then exploited a weakness in a remote-access app used by LastPass employees. That allowed them to install a keylogger onto the computer of a senior engineer at the company.

Read more
This huge password manager exploit may never get fixed
A large monitor displaying a security hacking breach warning.

It’s been a bad few months for password managers -- albeit mostly just for LastPass. But after the revelations that LastPass had suffered a major breach, attention is now turning to open-source manager KeePass.

Accusations have been flying that a new vulnerability allows hackers to surreptitiously steal a user’s entire password database in unencrypted plaintext. That’s an incredibly serious claim, but KeePass’s developers are disputing it.

Read more
The best password managers for 2024
have i been pwned owner uncovers 13 million plaintext passwords leaked from free webhost is a safe password even possible we

If you're thinking about getting a new password manager, we can help narrow down your choices. Here's a list of the best and most secure solutions for taking your logins with you wherever you go, no matter what device you use.
No more retyping passwords every time you switch from your Windows PC to your iPhone or from a Mac to an Android phone. These premium password managers have more than just the basics, making your life easier and keeping your accounts safe at affordable prices.

1Password (Windows, Mac, iOS, Android, Linux, and Chrome OS)

Read more