The recognized password manager 1Password announced that it was the target of a hacker invasion at the end of September, however, the company assures its customers that personal information remains intact.
According to an official statement issued by 1Password, suspicious activities were detected on September 29, which led the company's team to take immediate action.
see more
Attention! New 'Pix scam' is being applied via links…
Meta is sued in the USA for allegedly 'harming health...
With the intervention of the company's team, the invasion was promptly interrupted, followed by a thorough investigation, which did not reveal any compromise of user data or other confidential systems, whether related to employees or customers.
The company explained that the hackers targeted their efforts at the Okta instance associated with the support system.
Okta is an enterprise identity management service that plays a key role in ensuring users' security when logging in and accessing their accounts.
A part of 1Password's support system allows customers to upload files to assist with identifying issues. However, most of these types of files store sensitive information. This includes, for example, passwords and tokens session.
(Image: disclosure)
As detailed in the report released by 1Password, attackers exploited this vulnerability to acquire a session cookie belonging to an employee in the company's IT department.
The attacker later attempted to access the collaborators panel and request a list of system administrators.
The company highlighted that Okta blocked the hacker's attempt to access the employee dashboard, at the same time that it automatically sent an email alert to all administrators of the account.
Following the incident, 1Password implemented additional measures to strengthen the security of its system, including adopting stricter login policies for administrators and reducing the number of users with access to control accounts.
The company reassured users by ensuring that their personal information remains secure. However, it is recommended that customers regularly update your access keys and passwords, or consider using passkeys, in order to strengthen the security of your accounts.
At Trezeme Digital, we understand the importance of effective communication. We know that every word matters, which is why we strive to deliver content that is relevant, engaging and personalized to meet your needs.