1Password discloses security incident linked to Okta breach

Found out about an Okta breach that affected 1Password. Okta is a security provider that was hacked and their services are used by 1Password. It seems no login information was obtained by the hackers, but in my case I never upgraded to 1Password 8 for this same risk. I prefer to have my passwords under my control and not in a 3rd party cloud. But that is my preference. I have pasted below the links to the articles.

The Okta breach article I found:

The related 1Password article:

1Password has provided an overview and technical details of the incident.

I’m sure 1Password is constantly under attack, just like Apple, Google, Amazon, every bank, and even TidBITS.


Thanks for sharing this.

Fortunately, it sounds like it was Okta’s support platform, not their core IDP/SSO/MFA services that got hacked here.

Okta is the massive behemoth in the online security industry, having gobbled up Auth0 not too long back, who themselves were quite large. I’ve spent a lot of time chatting with both in the last couple years. They have very sophisticated products that are very capable and very expensive. But where money is no object, they get the job done. But that just means if they get (truly) hacked, the risk of exposure is greater.

It would be cool to dive into what is hopefully many layers of 1Password security, to better understand how safe we are who use this service. Most likely, the depth I would want is proprietary and considered a security secret.

I’m hoping they will give some info on their podcast.

Have you read 1Password’s papers on the subject? https://1passwordstatic.com/files/security/1password-white-paper.pdf

From what I understand 1Password doesn’t store any key that would be required to access your data.

