1Password: Okta account hacked, here's how it happened

Millions of people and over 100,000 companies use 1Password as a password manager. Unfortunately, despite robust security measures, suspicious activity can still occur, as the Canadian company itself communicated in the past few hours: hackers gained access to the internal Okta management account.

«On September 29, we detected suspicious activity on our Okta instance that we use to manage our employee-facing apps», said Pedro Canahuati, CTO of 1Password. «We immediately stopped the activity and investigated, and found no compromise of user data or other systems».

1Password Okta Instance Hack: What Happened

According to the company, a member of 1Password's IT team generated a HAR file and then uploaded it to the Okta support portal. Subsequently, on September 29 as stated, a hacker accessed 1Password's Okta administrative portal using the same Okta authentication session captured in the HAR file.

«The generated HAR file was confirmed to contain the necessary information for a hacker to take control of the user’s session», explained the company in the security report.
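A HAR file is a JSON capture of browser traffic, and the headers and cookies it records are exactly the session material the report describes. The script below is an added example, not code from 1Password or Okta: it lists every header or cookie value in a HAR that could be replayed by a third party and produces a redacted copy suitable for sending to a support team. It assumes the standard HAR 1.2 layout (`log.entries[].request`/`response` with `headers` and `cookies` lists); the embedded capture and its tenant hostname are constructed for the demo.

```python
"""Find and redact session material in a HAR file before sharing it.

Added example, not 1Password's or Okta's code. Assumes the standard HAR 1.2
layout; the sample capture below is constructed for the demonstration.
"""
import copy
import json

# Header names (lowercase) whose values can carry a reusable session or token.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
REDACTED = "[REDACTED]"


def find_session_material(har):
    """Return (entry index, side, kind, name) for every header or cookie
    whose value has not yet been redacted and could replay the session."""
    findings = []
    for i, entry in enumerate(har["log"]["entries"]):
        for side in ("request", "response"):
            msg = entry.get(side, {})
            for h in msg.get("headers", []):
                if h.get("name", "").lower() in SENSITIVE_HEADERS and h.get("value") != REDACTED:
                    findings.append((i, side, "header", h["name"]))
            for c in msg.get("cookies", []):
                if c.get("value") != REDACTED:
                    findings.append((i, side, "cookie", c.get("name", "")))
    return findings


def sanitize_har(har):
    """Return a deep copy of the HAR with every sensitive header value and
    every cookie value replaced by REDACTED. The input is left untouched so
    the unredacted capture is never modified in place by accident."""
    clean = copy.deepcopy(har)
    for entry in clean["log"]["entries"]:
        for side in ("request", "response"):
            msg = entry.get(side, {})
            for h in msg.get("headers", []):
                if h.get("name", "").lower() in SENSITIVE_HEADERS:
                    h["value"] = REDACTED
            for c in msg.get("cookies", []):
                c["value"] = REDACTED
    return clean


# Constructed sample: one authenticated request to an identity provider.
# The hostname and cookie values are placeholders, not real data.
SAMPLE_HAR = {
    "log": {
        "version": "1.2",
        "entries": [
            {
                "request": {
                    "method": "GET",
                    "url": "https://example-tenant.invalid/api/v1/users/me",
                    "headers": [
                        {"name": "Accept", "value": "application/json"},
                        {"name": "Cookie", "value": "sid=constructed-session-id-123"},
                    ],
                    "cookies": [{"name": "sid", "value": "constructed-session-id-123"}],
                },
                "response": {
                    "status": 200,
                    "headers": [
                        {"name": "Content-Type", "value": "application/json"},
                        {"name": "Set-Cookie", "value": "sid=constructed-refreshed-456; Secure; HttpOnly"},
                    ],
                    "cookies": [{"name": "sid", "value": "constructed-refreshed-456"}],
                },
            }
        ],
    }
}


def main():
    # Report what would leak, then emit a redacted copy as JSON.
    for i, side, kind, name in find_session_material(SAMPLE_HAR):
        print(f"entry {i} {side} {kind}: {name}")
    clean = sanitize_har(SAMPLE_HAR)
    print(json.dumps(clean, indent=2))
    print("remaining findings after redaction:", len(find_session_material(clean)))


if __name__ == "__main__":
    main()
```

To use it on a real capture, load the file with `json.load`, run `find_session_material` on it to see what the browser recorded, and only share the output of `sanitize_har`. Because the scan treats every cookie as sensitive rather than matching on cookie names, it does not depend on knowing in advance which cookie a given identity provider uses for its session.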

However, the situation appears to be under control and, in fact, there seem to have been no consequences: «We have no evidence that the hacker accessed systems outside of Okta. The activity we detected suggests that the attacker conducted some sort of initial reconnaissance with the intent of gathering information for a later, more sophisticated attack».

After the attack was discovered, the Toronto-based company deleted sessions and updated credentials for its employees working on Okta. Several Okta configuration changes are also planned, such as blocking logins from unknown IdPs and reducing administrative user session times.
