Many 1Password customers received an upsetting notification in the last few days claiming that their “Secret Key or password was recently changed.”
This alert was a false alarm, the company has now clarified, and is not a sign of a data breach or stolen password.
Instead, 1Password says, it accidentally triggered the mass notification during scheduled database maintenance as “an unintended side effect.”
Wait, What Happened?
The incident started with routine database maintenance on April 27th.
As part of the process, 1Password's servers were down temporarily. The platform couldn't connect to the servers, so many of the apps on customers' phones each sent their own sync requests. The platform misinterpreted the resulting error code and sent the erroneous alert in response.
Chief technology officer Pedro Canahuati explained it in a recent blog post.
“After completing a planned maintenance, our service received an unexpected spike in sync requests from client devices to the servers. During the outage, users erroneously received a message indicating that their Secret Key or password had changed.”
It was not a security incident, and customer data was not affected.
Staying Safe Online with Password Managers
The good news here is that the actual function of 1Password — keeping your personal information secure — is not in question.
However, customers aren't exactly comforted by the fact that the platform they use to keep their data secure has accidentally sent the wrong notification. After all, a password manager tool lives and dies on its reputation for security. Data breaches are unavoidable, to a certain extent, but a company's quick and accurate response makes a huge difference in how bad the fallout from an incident might be.
The company has said in its statement that it is “working to avoid similar situations in the future.” In this particular case, it's easy to identify the issue: 1Password just needs to ensure that a spike in sync requests from customer devices won't trigger an inaccurate sign-in rejection.
Ironically, the whole debacle is a sign that 1Password does have plenty of responses ready to go for potential problems: They just need to make sure they have the right response lined up with the correct issue.
Getting a Password Manager?
The team at Tech.co has tested and researched all the top options for password management, and we strongly recommend using one of the many paid services available. Remembering all your passwords is a recipe for disaster, and you don't want to simply re-use them, either.