As technology continues to advance, cybercriminals are becoming increasingly crafty in their methods. Even the most trusted digital password managers face persistent threats.
Yesterday, popular password manager 1Password, which is used by over 100,000 businesses, confirmed that it experienced a security breach as a result of a cyberattack on September 29, 2023. The company said the incident was promptly addressed and assured users that their data remained secure.
"We detected suspicious activity on our Okta instance related to their Support System incident. After a thorough investigation, we concluded that no 1Password user data was accessed," the company wrote in a blog post on Monday.
In a detailed security incident report, 1Password disclosed that a hacker had managed to steal a session cookie from one of the company's IT employees, then attempted to access the employee's dashboard and request a list of admin users. Fortunately, the first intrusion was thwarted by the security system Okta, while the second triggered an automatic email alert to other 1Password administrators, effectively sounding the alarm about the breach.
Following the breach, 1Password says it has taken proactive steps to bolster its security measures, including a reduction in the number of 'super admin' users and the implementation of stricter login protocols for administrators.
While this thwarted incident may offer some comfort to 1Password users, it underscores the unsettling reality that even seemingly impregnable security systems can fall prey to malicious actors.
This isn't the first time that secure password managers have been targeted by malicious attacks. Similar incidents occurred with other password managers such as OneLogin in 2017, Keeper and RoboForm in 2020, and LastPass in 2022.
These threats come with hefty costs. According to Cybersecurity Ventures, the projected cost of damages due to cyber attacks is set to reach $6 trillion in 2023.
In light of these cybersecurity challenges, users are advised to change their passwords regularly, use complex passwords, enable two-factor authentication, and/or consider the adoption of passkeys to mitigate potential risks.