Security News > 2023 > October > 1Password discloses security incident linked to Okta breach
1Password, a popular password management platform used by over 100,000 businesses, suffered a security breach after hackers gained access to its Okta ID management tenant.
"We detected suspicious activity on our Okta instance related to their Support System incident. After a thorough investigation, we concluded that no 1Password user data was accessed," reads a very brief security incident notification from 1Password CTO Pedro Canahuati.
Okta first learned of the breach from BeyondTrust, who shared forensics data with Okta, showing that their support organization was compromised.
In a report released Monday afternoon, 1Password says threat actors breached its Okta tenant using a stolen session cookie for an IT employee.
"Corroborating with Okta support, it was established that this incident shares similarities of a known campaign where threat actors will compromise super admin accounts, then attempt to manipulate authentication flows and establish a secondary identity provider to impersonate users within the affected organization," reads the 1Password report.
There appears to be some confusion about how 1Password was breached, as Okta claims that their logs do not show that the IT employee's HAR file was accessed until after 1Password's security incident.