Impact of SolarWinds news on 1Password [Not affected]

jmjm
jmjm
Community Member
edited December 2020 in Lounge

As I am sure "all" of you have seen yesterday and today the Net is 'abuzz' with serious electronic incursion into many US Government Agencies very most likely by a foreign power(s).

eg https://www.usatoday.com/story/tech/2020/12/13/us-government-agencies-hacked-russia-suspected/6535305002/

Given the ever increasing importance of pw managers surely it must be a regular occurrence that a manager's defenses are attempted to be breached. Scary stuff for sure I would imagine.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Lars
    Lars
    1Password Alumni

    @jmjm - we don't sleep.

    OK, that's not true, we do. ;) But you're absolutely right: this appears to have been the real deal: a genuine APT (advanced persistent threat) that seriously compromised a specific target.

    In terms of the day-to-day of 1Password, there isn't much change as a result of the recent news as of yet. This attack that affected so many organizations was the result of a single, targeted supply chain attack against a specific vendor by a very well-resourced attacker. The dust has not yet settled, but there are likely to be lessons for everyone to be learned from this. We will learn what we can as the scope and specifics of this attack become more clear. To be clear: 1Password is not affected by this incident; we do not use the Solarwinds Orion platform that was compromised. But we'll keep a close eye on developments as we all learn more.

  • mike_uk
    mike_uk
    Community Member

    Am relieved to hear you are not using the SolarWinds Orion product.

    But are your servers hosted by a 3rd party ? If so do they use the SolarWinds Orion product ?

  • jmjm
    jmjm
    Community Member
    edited December 2020

    (I am the OP for this thread but this was not the title of the thread that I created on Dec 14. I take it a TEAM MEMBER changed the title on December 20. It isn't so much the new title that bothers me but rather the principle of doing such w/o informing the OP, in advance).

  • yohst
    yohst
    Community Member

    @Lars; so if you had been using Solarwinds Orion platform, would this have been a problem for you, for us?

  • Lars
    Lars
    1Password Alumni

    @mike_uk - yes, we use Amazon's AWS platform for physical hosting of the 1Password.com server architecture. No, Amazon does not use Solarwinds Orion platform by default. In fact, Solarwinds themselves maintain a how-to page for AWS users who wish to set it up -- precisely because an AWS customer would specifically and intentionally have to add it if they wanted it. We didn't, and don't.

  • Lars
    Lars
    1Password Alumni

    @jmjm - yes, the title of the post was changed. We do this on certain threads because of search engine visibility, or to provide clarity for other users scanning our community pages for threads of interest to them.

  • Lars
    Lars
    1Password Alumni

    @yohst - I'm not going to speculate regarding hypotheticals on what is still a developing situation.

This discussion has been closed.