Found out about an Okta breach that affected 1Password. Okta is a security provider that was hacked and their services are used by 1Password. It seems no login information was obtained by the hackers, but in my case I never upgraded to 1Password 8 for this same risk. I prefer to have my passwords under my control and not in a 3rd party cloud. But that is my preference. I have pasted below the links to the articles.
Fortunately, it sounds like it was Okta’s support platform, not their core IDP/SSO/MFA services that got hacked here.
Okta is the massive behemoth in the online security industry, having gobbled up Auth0 not too long back, who themselves were quite large. I’ve spent a lot of time chatting with both in the last couple years. They have very sophisticated products that are very capable and very expensive. But where money is no object, they get the job done. But that just means if they get (truly) hacked, the risk of exposure is greater.
It would be cool to dive into what is hopefully many layers of 1Password security, to better understand how safe we are who use this service. Most likely, the depth I would want is proprietary and considered a security secret.