Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Filter by Categories

Suspicious Activity on 1Password Linked to Okta Support Breach

Executive Summary

1Password, a popular password management solution, detected suspicious activity on its Okta instance following Okta’s support system breach. However, 1Password specifically stated that no user data was accessed.

This incident emphasises the link between the Okta breach and its potential impact on companies that rely on Okta’s services. Please refer to our recent article for more information about the Okta breach.

Other companies that are known to have been impacted by the incident include BeyondTrust and Cloudflare.

Information Shared by 1Password

According to information shared by 1Password, the breach was discovered when an IT team member received an email about a “requested” administrative user report, prompting an investigation. It was determined that the breach occurred when a session cookie was used after the IT team member shared a HAR file with Okta Support.

According to Pedro Canahuati, 1Password CTO, the suspicious activity on their Okta instance was immediately terminated, and no compromise of user data or sensitive systems was found. 1Password has been working closely with Okta to address the incident and enhance security measures.

To strengthen security, 1Password has implemented measures such as denying logins from non-Okta IDPs, reducing session times for administrative users, and implementing tighter MFA rules.

For more information, please refer to 1Password’s blog post regarding this incident.


The Okta breach could impact companies using Okta’s services, especially those who raised a support case recently and provided a HAR file. A greater number of companies are likely to be affected by the Okta breach, and further updates on the extent of the impact could be anticipated.

It is crucial for organisations to stay updated on the security updates and announcements made by the service providers they rely on.

Promptly monitoring systems and identifying any suspicious activities can help prevent potential breaches, as demonstrated by 1Password.

Being transparent about security incidents enables customers to take decisive actions to protect themselves. It’s imperative for service providers to promptly inform their customers, and equally crucial for customers to respond swiftly to secure their systems and data following such incidents



Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.