1Password reports Okta breach-related incident

Widely used password manager 1Password has identified suspicious activity in an Okta instance it uses to manage employee-facing apps, and the activity has been confirmed to be related to the compromise of Okta's customer support management system, reports Ars Technica. After receiving fraudulent emails purporting to be a request for a list of users with admin rights to the Okta instance on Sept. 29, 1Password's IT team immediately notified its security response team and promptly modified its Okta tenant's configuration settings to prevent logins from identity providers other than Okta. Although the attackers modified and activated an existing IDP linked to 1Password's Google environment, 1Password's immediate removal of the IDP thwarted attempted access by the attackers on Oct. 2. "We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing," said 1Password Chief Technology Officer Pedro Canahuati.
