No, 1Password wasn’t hacked – here’s what really happened
1Password users recently got a worrying alert saying their password manager Secret Keys had been changed behind their backs. Yet all was not what it seemed.
ShanonG
Password managers have been struggling with security breaches in recent months, with LastPass suffering a particularly bad hack as a notable example. So when 1Password users got an alert last week saying their Secret Keys and passwords had been changed without their knowledge, they were understandably panicked. Luckily, all was not what it seemed.
That’s because AgileBits, the company behind 1Password, has just explained exactly what went wrong during that event. And while it wasn’t as bad as everyone first thought, it still doesn’t paint AgileBits in a particularly good light.
1Password / AgileBitsIn a blog post on the 1Password website, the company’s Chief Technology Officer (CTO) Pedro Canahuati explained that the incident occurred shortly after a period of planned maintenance was completed. After the maintenance work finished, “our service received an unexpected spike in sync requests from client devices to the servers,” Canahuati explained.
The CTO clarified that when that happened, “users erroneously received a message indicating that their Secret Key or password had changed.” More specifically, 1Password’s servers in the U.S. sent an error code to users’ apps, which those apps interpreted incorrectly, leading to the worrisome message.
So @1Password was undergoing maintenance, so the app wasn't connecting to the server. And it decided the best error message to show people was "your secret key or password was recently changed". 🤡🤡🤡
Bruh can you not give me a damn heart attack, thanks.
— ThioJoe (@thiojoe) April 28, 2023
Fortunately, Canahuati noted that no user passwords or Secret Keys had been changed and that all user data was safe throughout the incident. Still, it would no doubt have been an anxious period for many users as they wondered whether their passwords, credit card info, and other sensitive data had been compromised.
It also raises questions over how the 1Password app could have misinterpreted the error code they received. Canahuati said 1Password will analyze what went wrong, “refine our migration process and error handling,” and “ensure that we properly plan for these scenarios in the future.”
Password manager woes
1Password / AgileBitsThe incident is not the first time a password manager has been on the hook for a security breach, real or otherwise. For the past few months, LastPass has been embroiled in a scandal surrounding a data breach it suffered, wherein user data appears to have been accessed and stolen by nefarious actors.
When news of the breach first surfaced, LastPass played it down, claiming there was nothing to worry about. Over time, however, the company revealed more and more damning information, leading to severe criticism of the way it handled the security failure.
Hopefully, we won’t see a similar situation play out with 1Password. Password managers are a lucrative target for hackers given the highly sensitive data they safeguard, and so any perceived lapse can cause a great deal of consternation among worried users.
If you want to tighten up your security, though, there are plenty of things you can do. We’ve analyzed the best password managers on the market to help you find the right one for your needs, and there are also ways to improve your passwords and keep your data safe. That should help keep your important data as safe as can be.
Editors' Recommendations
LastPass reveals how it got hacked — and it’s not good news Flipboard hack prompts password reset for millions of users 1Password bets $100,000 that security experts can't break into its systems 1Password's new subscription service keeps your passcodes safe for $3 per month 1Password set to be the first password manager for HoloLens
In ancient times, people like Alex would have been shunned for their nerdy ways and strange opinions on cheese. Today, he…
Microsoft’s new Designer app makes generative AI dead simple
The Microsoft Designer app is now available as a public preview after the brand first announced it in October 2022.
The Designer app is Microsoft's productivity spin on AI art tools such as OpenAI's DALL-E 2, which also gained popularity last year.
After 15 years, Intel may be killing the Core i5 and Core i7
The Core "i" branding of Intel processors has been around for 15 years, first appearing in its "first-generation" Core chips launched in 2008. Now, that's some legacy.
But Intel has confirmed that in its upcoming Meteor Lake chips, it's doing away with the naming scheme entirely. In place of the instantly recognizable Core i3, i5, i7, and i9 brands, Intel will be using "Core Ultra" in these new chips. The details, however, are not yet known.
Surprise — Redfall on PC is yet another problematic port
The early impressions of Redfall aren't positive, and its PC performance isn't doing the game any favors. I originally came into this story with a specific angle about how certain GPUs would struggle to run the game more than others, but the more I dug in, the more I realized there are compromises no matter where you look.
On one hand, Redfall is a relief due to the fact that it even runs in the first place, especially among games like Star Wars Jedi: Survivor and The Last of Us Part 1 that have launched in dire states. It's still hard overlooking the problems in the PC port, though, which are present if you're not running the latest and greatest hardware.
Lesser of two evils
