1Password: Difference between revisions

Line 34:

===1Password Okta instance breach, discovered (''29 Sept 2023'')===

1Password published a blog post disclosing an internal investigation of the breach.<ref>{{Cite web |last=Canahuati |first=Pedro |date=2023-10-23 |title=Okta Support System incident and 1Password |url=https://blog.1password.com/okta-incident/ |url-status=live |archive-url=https://web.archive.org/web/20250905070945/https://blog.1password.com/okta-incident/ |archive-date=2025-09-05 |access-date=2025-09-05 |work=1Password Blog}}</ref> ~~It largely appears one of~~ the attackers actions triggered an email to a member of the IT team who acted swiftly to contain the breach. The company reported user data was ~~not~~ exfiltrated or decrypted.<ref>https://blog.1password.com/files/okta-incident/okta-incident-report.pdf</ref>

On September 28, 2023, the Okta Help Center suffered a security incident. During the breach, the attackers were able to extract sensitive data from the customer support system.<ref>{{Cite web |last=Bradbury |first=David |date=2023-11-29 |title=October Customer Support Security Incident - Update and Recommended Actions |url=https://sec.okta.com/articles/october-security-incident-recommended-actions/ |url-status=live |archive-url=https://web.archive.org/web/20240720042135/sec.okta.com/articles/october-security-incident-recommended-actions/ |archive-date=2024-07-20 |access-date=2026-01-05 |website=Okta Security}}</ref>

1Password, which uses an Okta instance, published a blog post disclosing an internal investigation of the breach.<ref>{{Cite web |last=Canahuati |first=Pedro |date=2023-10-23 |title=Okta Support System incident and 1Password |url=https://blog.1password.com/okta-incident/ |url-status=live |archive-url=https://web.archive.org/web/20250905070945/https://blog.1password.com/okta-incident/ |archive-date=2025-09-05 |access-date=2025-09-05 |work=1Password Blog}}</ref> According to their disclosure, the attackers' actions triggered an email to a member of the IT team who acted swiftly to contain the breach. The company reported that no user data was exfiltrated or decrypted.<ref>https://blog.1password.com/files/okta-incident/okta-incident-report.pdf</ref>

File:Okta-incident-report.pdf|PDF document report of the breach (click twice to open)

@@ Line 34: / Line 34: @@
 ===1Password Okta instance breach, discovered (''29 Sept 2023'')===
-Password published a blog post disclosing an internal investigation of the breach.<ref>{{Cite web |last=Canahuati |first=Pedro |date=2023-10-23 |title=Okta Support System incident and 1Password |url=https://blog.1password.com/okta-incident/ |url-status=live |archive-url=https://web.archive.org/web/20250905070945/https://blog.1password.com/okta-incident/ |archive-date=2025-09-05 |access-date=2025-09-05 |work=1Password Blog}}</ref> It largely appears one of the attackers actions triggered an email to a member of the IT team who acted swiftly to contain the breach. The company reported user data was not exfiltrated or decrypted.<ref>https://blog.1password.com/files/okta-incident/okta-incident-report.pdf</ref> <!-- An archived copy is available at https://consumerrights.wiki/images/1/12/Okta-incident-report.pdf by clicking the below picture, but I'm not sure it's the most intuitive way to access it for whoever CRW will be presented to as evidence as it requires clicking twice. Maybe I'm overthinking this... -raster  -->
+On September 28, 2023, the Okta Help Center suffered a security incident. During the breach, the attackers were able to extract sensitive data from the customer support system.<ref>{{Cite web |last=Bradbury |first=David |date=2023-11-29 |title=October Customer Support Security Incident - Update and Recommended Actions |url=https://sec.okta.com/articles/october-security-incident-recommended-actions/ |url-status=live |archive-url=https://web.archive.org/web/20240720042135/sec.okta.com/articles/october-security-incident-recommended-actions/ |archive-date=2024-07-20 |access-date=2026-01-05 |website=Okta Security}}</ref>
+Password, which uses an Okta instance, published a blog post disclosing an internal investigation of the breach.<ref>{{Cite web |last=Canahuati |first=Pedro |date=2023-10-23 |title=Okta Support System incident and 1Password |url=https://blog.1password.com/okta-incident/ |url-status=live |archive-url=https://web.archive.org/web/20250905070945/https://blog.1password.com/okta-incident/ |archive-date=2025-09-05 |access-date=2025-09-05 |work=1Password Blog}}</ref> According to their disclosure, the attackers' actions triggered an email to a member of the IT team who acted swiftly to contain the breach. The company reported that no user data was exfiltrated or decrypted.<ref>https://blog.1password.com/files/okta-incident/okta-incident-report.pdf</ref> <!-- An archived copy is available at https://consumerrights.wiki/images/1/12/Okta-incident-report.pdf by clicking the below picture, but I'm not sure it's the most intuitive way to access it for whoever CRW will be presented to as evidence as it requires clicking twice. Maybe I'm overthinking this... -raster  -->
 <gallery>
 File:Okta-incident-report.pdf|PDF document report of the breach (click twice to open)