The popular password manager, 1Password, apologized to its users after mistakenly sending out error messages to users warning that is suffered a data breach. The message said:
“Your Secret Key or password was recently changed. Enter your new account details to continue.”
Obviously, the error message concerned many users who didn’t change their passwords. It would be especially concerning, given that just last year, LastPass, one of 1Passwords’ largest competitors, faced a large-scale data breach where hackers were able to obtain emails, phone numbers, addresses, names, IP addresses, encrypted credentials, and even some of the LastPass source code.
Fortunately, the error code was simply human error. Staff were conducting regularly scheduled maintenance the night the message was sent. During the maintenance, 1Password’s servers detected an abnormal amount of sync requests from client devices. This prompted its systems to misunderstand the request and reject the sign-in attempts, which trigged sending users an error message informing them that their password was recently changed. 1Password assures customers that no passwords or credentials were actually changed or modified. The company said it brought the systems back up, fixed the problems, and resolved its own internal errors without any harm being done.
While it’s a very good thing that 1Password didn’t get hacked, it’s worth noting that this problem has cropped up before, with posts in their forums going as far back as December 2022 outlining very similar problems. The 1Password team was also very quick to respond in that situation as well.
That said, 1Password still hasn’t suffered a data breach and continues to be an industry-leading password manager.
“We take the integrity of your data and the stability of our systems very seriously and will continue to work hard every day to earn the trust you’ve placed in us,” said 1Password CTO Pedro Canahuati.