1Password Faces Security Breach Following Okta Hack

1Password Faces Security Breach Following Okta Hack

No user data compromised nor breach at 1Password; despite Okta breach, hackers failed to target the password manager

In a recent blog post, 1Password has stated that they detected "suspicious activity" in one of their employee-focused Okta systems. This suspicious activity was a result of a data breach in Okta. Fortunately, 1Password assures that there has been no compromise of user data or any other sensitive systems, whether employee-focused or user-focused, which means that customers' passwords remain secure.

The mentioned "suspicious activity" took place on September 29th and was promptly identified and stopped by 1Password. Soon after, an investigation was initiated, and 1Password collaborated with Okta to identify the hacker's method of attack. It was ultimately determined by Okta that the attack originated from their own customer support system. This system, designed to replicate and troubleshoot customers' web activity, contains session tokens and other information that could potentially be exploited for hacking or impersonation purposes. Okta then made contact with the affected customers on October 19th and publicly disclosed the data breach on October 20th.

Okta, a cybersecurity service, experienced a data breach in January 2022, marking its second significant breach within a two-year span. Notably, Okta's clients include renowned companies such as Caesars Entertainment and MGM Resorts, which were affected by cyberattacks in September 2023. It is crucial to clarify that Okta itself was not compromised during these casino cyberattacks; rather, hackers targeted the IT personnel at the casinos.

The exact extent of this data breach remains unknown. However, it is worth mentioning that BeyondTrust, another company, also detected "suspicious activity" in its Okta systems. On October 2nd, BeyondTrust reported this potential breach to Okta, but Okta did not acknowledge the report until October 19th, as per BeyondTrust.

Okta's delay in cooperating with BeyondTrust and the two-week timeframe for disclosing the breach remain unclear. Analyst Andrew Nowinski from Wells Fargo speculates that Okta may have been unaware of the breach and lacked the internal capability to detect it. However, there is insufficient evidence to support this assessment, and it is uncommon to immediately learn about a data breach when it happens.

To clarify, only 1Password's employee-facing Okta systems were affected by this incident. The 1Password system itself was not compromised, so there is no need to worry about your passwords being compromised. This situation is not as severe as the LastPass hack. It is important to note that 1Password user databases are encrypted. Even if a hacker manages to steal your database, they would still need to gain access to your phone or computer to retrieve the decryption key.

Source: 1Password