By Alex Blake October 24, 2023 2:19AM
Security credentials like usernames and passwords are a tempting target for hackers, and even the best password managers can come under threat from time to time. That was the case recently with the popular password manager 1Password, which recently disclosed (via Bleeping Computer) that its Okta support system was breached by malicious hackers.
Fortunately, it doesn’t look like any customer data was stolen, so if you use 1Password, your login info should be safe for now. However, it’s always good to regularly update your passwords (or use passkeys) just in case they fall into the wrong hands.
In a blog post on its website, 1Password explained the situation. “We detected suspicious activity on our Okta instance related to their Support System incident,” 1Password said. “After a thorough investigation, we concluded that no 1Password user data was accessed.”
After detecting suspicious activity on September 29, 1Password “immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing.”
The Okta connection
The link with Okta is interesting because it reveals a key vulnerability. Okta helps companies manage their users and ensure everyone can log in securely, and it also offers support for this process. As part of that, customers sometimes upload file archives to help diagnose problems, but these archives can contain sensitive data like session tokens and login data.
According to a detailed report from 1Password, a hacker stole a session cookie from a 1Password IT employee, then attempted to access the employee’s dashboard and request a list of admin users. Fortunately, the former action was blocked by Okta, while the second led to an automated email being sent to other 1Password admins, which alerted them to the breach.
While your login info is safe — no user data appears to have been accessed by the hacker — it shows just how easily seemingly secure systems can be breached by bad actors. In response to the incident, 1Password says it has reduced the number of “super admin” users, implemented tighter login rules for admins, and taken other measures.
Despite this episode, you should still pick one of the best password managers to keep your login data safe. After all, using an app to create and store unique passwords for you is far safer than using the same easily guessable login info for each account.