The worrying alert many users received recently regarding changes to their secret key or password was caused by a service disruption and not a security breach, 1Password chief technology officer (CTO) Pedro Canahuati said on Tuesday.
Many 1Password users in the US were alarmed on April 27 after receiving an alert that said, “Your Secret Key or password was recently changed.” Some users took to social media to voice their concerns. The company quickly clarified that the alerts are the “unintended side effect” of scheduled maintenance. Canahuati has shed more light on the incident in a blog post.
“This was not a security incident, and customer data was not affected in any way,” he explained.
‘Brief Service Outage’
According to Canahuati, 1Password migrated several of its backend databases on April 27 as part of routine maintenance. When this was completed, 1Password saw a spike in sync requests to its servers, and for some reason, its systems responded with a “sign-in rejection.”
“Our US servers returned an error code that was interpreted on our client applications incorrectly,” he said. As a result, between 9:03 p.m. and 9:26 p.m. ET, many 1Password users in the US received this disturbing alert. Canahuati said 1Password closely monitored its systems, and by April 28, no more error messages were sent out.
“We take the integrity of your data and the stability of our systems very seriously and will continue to work hard every day to earn the trust you’ve placed in us,” he said.
This is not the first time 1Password users have received this alert out of the blue. A December 2022 thread on the 1Password support page shows complaints about the same issue. It’s unclear why the alert was sent out in that instance.
To avoid a similar incident in the future, Canahuati said 1Password is digging into the underlying cause and will refine its migration process and error handling.
Protecting Your Accounts
It’s more important than ever to use strong, unique passwords for all your accounts. A recent report by Home Security Heroes revealed that artificial intelligence (AI) can crack 51 percent of passwords in less than a minute. For optimal security, the report recommends using long passwords — at least 14 characters — that contain a combination of numbers, uppercase and lowercase letters, and symbols.
Password managers simplify the process of creating secure passwords and take away the hassle of having to remember several complex passwords. Many reviews of 1Password agree that this service is one of the top password managers today. Many users have lost trust in its competitor, LastPass, after a security breach of a third-party cloud storage service exposed user data.
For trustworthy alternatives to 1Password, check out our article on the best password managers of 2023.
