1Password detected suspicious activity on its Okta instance for managing employee-facing apps but “found no compromise of user data or other sensitive systems”
1Password CTO says investigation found no compromise of user data or sensitive systems.
Ars Technica · Dan Goodin
Related Coverage
- Okta Support System incident and 1Password 1Password Blog · Pedro Canahuati
- 1Password discloses security incident linked to Okta breach BleepingComputer · Lawrence Abrams
- No, 1Password Has Not Just Been Hacked—Your Passwords Are Safe Forbes · Davey Winder
- Security Incident report 1Password
- 1Password: No User Data Accessed In Okta-Linked Incident CRN · Kyle Alspach
- 1Password Detects Suspicious Activity Following Okta Support Breach The Hacker News
- Hackers targeted 1Password after Okta breach, but your logins are safe Digital Trends · Alex Blake
- 1Password suffers cybersecurity incident after latest Okta breach Tech Monitor · Matthew Gooding
- How did the Okta Support breach impact 1Password? Security Affairs · Pierluigi Paganini
- Okta cybersecurity breach wipes out more than $2 billion in market cap CNBC · Rohan Goswami
- Cybersecurity firm Okta lost $2 billion in market cap as data breach woes deepen TechStartups · Nickie Louise
- 1Password reveals minor Okta data breach that doesn't involve your personal data or passwords BGR · Chris Smith
- 1Password says it might have been targeted following Okta breach TechRadar
- 1Password thwarts hacking attempt linked to Okta security breach BetaNews · Brian Fagioli
- 1Password says its internal Okta account was breached in security incident 9to5Mac · Arin Waichulis
- 1Password discloses data breach Cybernews.com · Jurgita Lapienytė
- Okta Stock Falls Again On Worries About Data Breach Impact Investor's Business Daily · Reinhardt Krause
- 1Password Detected ‘Suspicious Activity’ Tied to Okta Breach iPhone in Canada Blog · John Quintet
- Okta suffers a security breach — hackers gain access to sensitive customer info Mashable · Chance Townsend
- 1Password Discloses Security Breach Linked to Okta RestorePrivacy · Heinrich Long
- “According to 1Password, a member of its IT team created a HAR file and uploaded it to the Okta Support Portal. After which, on September 29, a threat actor using the same Okta authentication session from the HAR file accessed 1Password's Okta administrative portal.” … @isotopp@chaos.social · Kris
- HAHAHAFUCK. https://www.bleepingcomputer.com/ ... @grissallia@aus.social
- I'm impressed (as I usually am) with 1Password. This is the way to discuss a hacking attempt. — While others hide breach information … Dave Strickler
- 1Password discloses security incident linked to Okta breach Hacker News
- Okta Support System Incident and 1Password Hacker News
- 1Password Discloses Security Incident Linked To Okta Breach Slashdot · BeauHD
- 1Password detects “suspicious activity” in its internal Okta account Ars OpenForum
Discussion
- Annemarie Bridy (@AnnemarieBridy@mastodon …) on mastodon: FFS, it hasn't even been six months since I ditched LastPass to move to 1Password. — 1Password detects “suspicious activity” in its internal Okta account | Ars Technica https://arstechnica.com/...
- Katie Paxton-Fear (@insiderphd) on x: i can't believe i pay $5 a month for a password manager and they can't shell out the same for malware bytes
- Nick Percoco (@c7five) on x: Product placements in incident reports help reduce the cost of the investigation...
- Joe Słowik (@jfslowik) on x: OK, the quoted post appears to be picking up steam.... gentle reminder that yeah this is a “WTF???” observation but I bet the org is hardly alone in having to “wing it” in certain situations due to failures to account for certain scenarios in IR events.
- Andrew Case (@attrc) on x: The malwarebytes scan is enough to make everyone run from @1Password and never look back
- Joe Słowik (@jfslowik) on x: I'm sorry, what??? [image]
- @syndrowm on x: Good stuff from the @1Password incident response. Every incident is an opportunity to improve. https://blog.1password.com/... [image]
- @xillwillx on x: https://blog.1password.com/... [image]
- Daniel Grzelak (@dagrz) on x: The @1Password incident report resulting from the Okta breach is really good. The level of transparency is something to aspire to, especially about the things not known. Usually we get “no evidence to suggest” instead. https://blog.1password.com/...
- Daniel Cuthbert (@dcuthbert) on x: “and was scanned with the free version of Malwarebytes, which reported no findings” hmmm.... https://blog.1password.com/... [image]
- James Clark (@citcsmobile) on x: Holy shit... https://1password.com/'s security response is “We ran the free version of malwarebytes” I don't even know what to say... https://blog.1password.com/... [image]
- Evan J (@ejcx_) on x: This Okta breach is notable because BeyondTrust, Cloudflare, and 1Password all detected this before Okta did. How though? It looks like the threat actor may have been triggering Okta emails that tipped off the victims. Maybe we'll hear from more? https://blog.1password.com/... [i…
- Ham Elliot (@r0wdy_) on x: If you use okta, you need to be monitoring for idp addition/modification events. Also most actions in okta are given a risk score based on criteria like device, ip, and location compared against previous actions. Flag high risk tagged events, like admin dashboard access, idp, etc
- Ryan (@kn0wmadic) on x: I don't think people really understand how single threaded this entire ecosystem is. Okta -> 1Password is a murderous pivot if successful.
- Matt Johansen (@mattjay) on x: Well shit. 1Password disclosed breach tied to Okta incident. https://blog.1password.com/...
- @1password on x: We detected suspicious activity on our Okta instance but confirmed no user data was accessed. Pedro Canahuati, our CTO, provides more information in this blog post https://blog.1password.com/..., which includes our internal Okta Incident Report for additional details.
- r/1Password on reddit: 1Password detects “suspicious activity” in its internal Okta account