Notification regarding the Okta breach

wraith
Community Member
edited October 2023 in Memberships

In general, the article implies a great response from 1Password; however, I have received no notifications at all from 1Password regarding this?
https://arstechnica.com/security/2023/10/1password-detects-suspicious-activity-in-its-internal-okta-account/



Comments

  • XIII
    Community Member
    edited October 2023

    They did post about this on Mastodon earlier today:

    https://1password.social/@1password/111286962660734558

  • wraith
    Community Member
    edited October 2023

    Mastodon is not exactly the best avenue for posting something like this (or rather not only there), but I see that it links to a blog post which contains good info and nice transparency. Just not sure why customers weren't notified (and a banner for the blog post on the front page).

  • Hello @wraith! 👋

    At 1Password, we value transparent communication with our users. At the onset of the incident we determined that no user data was impacted and no recommended actions by our users were necessary. At the conclusion of that investigation, which confirmed no user data was impacted, we released the public blog post and incident report.

    Your trust is paramount to us and while no user data was impacted, we have chosen to make this information public out of an abundance of transparency.

    -Dave

  • ajh0912
    Community Member

    I think the main takeaway from this is, subscribe to the 1Password blog.

    I follow them using FreshRSS (among many other feeds), and you can keep on top of what's going on.

    For example, you can see how long it takes for other places to report on this incident compared to when the blog post was published.

    Interestingly, I received an email at 03:00 BST this morning from info@email.1password.com, 'Okta support system incident and 1Password'. I received it due to being an administrator of a 1Password Teams organisation. I didn't get an email for another organisation that I'm an administrator in, or on my Family account.

    @Dave_1P was this email supposed to be sent to all Teams / Business administrators & Family Organisers?

  • @ajh0912

    An email communication was sent to account owners and administrators of business accounts. Please check your spam/junk folder to see if it might have landed there. If you still don't see the email and would like to make sure that you receive emails of this sort in the future then please reach out to your account manager or our business team at businesssupport@1password.com to discuss this in more detail.

    -Dave

  • ajh0912
    Community Member

    @Dave_1P thanks, is there any plan to send similar emails to Family Organisers and personal account holders in the future? I think it's just as relevant to them as it would be to businesses.

  • Thanks for the feedback, I've shared your comments with the team.

    No action is required on the part of our users and the 1Password service was not affected. This incident was limited to our Okta instance for employee apps, and no user data or sensitive information was accessed. We have no user recommended actions as a result of this incident.

    As mentioned previously, folks interested in learning more can find details about the Okta incident on our blog: Okta incident and 1Password

    -Dave