No, 1Password wasn’t hacked – here’s what really happened

Password managers have been struggling with security breaches in recent months, with LastPass suffering a particularly bad hack as a notable example. So when 1Password users got an alert last week saying their Secret Keys and passwords had been changed without their knowledge, they were understandably panicked. Luckily, all was not what it seemed. That’s because AgileBits, the company behind 1Password, has just explained exactly what went wrong during that event. And while it wasn’t as bad as everyone first thought, it still doesn’t paint AgileBits in a particularly good light. In a blog post on the 1Password website, the company’s Chief Technology Officer (CTO) Pedro Canahuati explained that the incident occurred shortly after a period of planned maintenance was completed. After the maintenance work finished, “our service received an unexpected spike in sync requests from client devices to the servers,” Canahuati explained. The CTO clarified that when that happened, “users erroneously received a message indicating that their Secret Key or password had changed.” More specifically, 1Password’s servers in the U.S. sent an error code to users’ apps, which those apps interpreted incorrectly, leading to the worrisome message. So @1Password was undergoing maintenance, so the app wasn't connecting to the server. And it decided the best error message to show people was "your secret key or password was recently changed". 🤡🤡🤡 Bruh can you not give me a damn heart attack, thanks. — ThioJoe (@thiojoe) April 28, 2023 Fortunately, Canahuati noted that no user passwords or Secret Keys had been changed and that all user data was safe throughout the incident. Still, it would no doubt have been an anxious period for many users as they wondered whether their passwords, credit card info, and other sensitive data had been compromised. It also raises questions over how the 1Password app could have misinterpreted the error code they received. Canahuati said 1Password will analyze what went wrong, “refine our migration process and error handling,” and “ensure that we properly plan for these scenarios in the future.” The incident is not the first time a password manager has been on the hook for a security breach, real or otherwise. For the past few months, LastPass has been embroiled in a scandal surrounding a data breach it suffered, wherein user data appears to have been accessed and stolen by nefarious actors. When news of the breach first surfaced, LastPass played it down, claiming there was nothing to worry about. Over time, however, the company revealed more and more damning information, leading to severe criticism of the way it handled the security failure. Hopefully, we won’t see a similar situation play out with 1Password. Password managers are a lucrative target for hackers given the highly sensitive data they safeguard, and so any perceived lapse can cause a great deal of consternation among worried users. If you want to tighten up your security, though, there are plenty of things you can do. We’ve analyzed the best password managers on the market to help you find the right one for your needs, and there are also ways to improve your passwords and keep your data safe. That should help keep your important data as safe as can be. No one wants to fall victim to ransomware, but a new report from blockchain security firm Chainalysis claims that ransomware payments could be set for a record-breaking year, with criminals raking in close to half a billion dollars just seven months into 2023. According to the analysis, ransomware payments this year have totaled $449.1 million so far. That’s $175.8 million more than this time last year, suggesting that hackers have doubled down on this method of extracting money from unfortunate victims. One thing that celebrities have in common with everyday people is that they are also susceptible to cybersecurity breaches. Many public figures have had their private and public tech accounts hacked over the years and these attacks have often been due to them simply having weak passwords that were easy for bad actors to figure out. Socialites, actors, politicians, and even prominent tech figures are guilty of lazy password practices, and falling victim to cybercrime that has compromised their passwords.
President Donald Trump The best password managers are meant to keep all your logins and credit card info safe and secure, but a major new vulnerability has just put users of the KeePass password manager at serious risk of being breached. In fact, the exploit allows an attacker to steal a KeePass user’s master password in plain text — in other words, in an unencrypted form — simply by extracting it from the target computer’s memory. It’s a remarkably simple hack, yet one that could have worrying implications. Upgrade your lifestyleDigital Trends helps readers keep tabs on the fast-paced world of tech with all the latest news, fun product reviews, insightful editorials, and one-of-a-kind sneak peeks.