1Password details "suspicious activity" on its Okta instance


No user data was accessed by threat actors, the company’s CTO said.

“We detected suspicious activity on our Okta instance related to their Support System incident. After a thorough investigation, we concluded that no 1Password user data was accessed,” Pedro Canahuati, 1Password CTO, said in a brief statement.

The company detected suspicious activity on September 29. It relies on Okta, a major security provider worldwide, to manage employee-facing apps.

“We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing,” Canahuati said.

“Your trust is paramount to us. Our systems and policies were able to identify and terminate this attack, and we are continuously enhancing our security measures to keep you and your data safe,” he added.

The compromise is a result of Okta’s support system breach. In its public statement, Okta said that hackers stole credentials to access support case management systems and could view files uploaded by certain customers as part of recent support cases.

This breach was not the first major cyber incident in Okta’s systems. Back in December 2022, Okta had its private GitHub code repositories hacked.