The popular password manager, 1Password, scared users when it sent them a message that their password had been changed, making them guess the worst that they had been hacked.
However, CTO Pedro Canahuati revealed that the message was sent in error and was sent as a result of a brief outage rather than a breach of the best password manager for families.
Scheduled maintenance report (opens in new tab) The company’s website has the message “[appear] An unintended side effect of maintenance. Ignore this message. Neither the password nor the private key of the account has been changed. ”
fear the worst
Canahuati further added that the statement “Your private key or password has recently changed. Please enter your new account details to continue” does not mean “no customer data was affected.” is not.
As 1Password was migrating its backend database, there was a spike in sync requests that the server responded by refusing to sign in. The user her client app then misinterpreted the error her code from the server and instead sent a password change alert to US customers.
Traffic to the server stabilized again on the evening of April 27, and no more failed sign-in attempts were detected after this point. The next day the error message disappeared.
A similar incident occurred last December as users were receiving the same password change message. Little is known about the cause of this issue, but the user has been instructed to contact their support team and his 1Password, and has heard nothing further about the issue, suggesting that this is also just a minor error. Assumed, far fewer customers were affected.
Canahuati said 1Password is investigating the cause of this error from last week’s incident and will improve database migrations and error handling, adding: It’s the day we earn the trust you’ve placed in us. ”
