1Password says the recent incident in which customers received notifications about changed passwords was the result of service downtime, not a security breach.
The company first disclosed in an incident report five days ago that the notifications were erroneous and related to routine database maintenance scheduled for Thursday, April 27.
Today, Pedro Canahuati, chief technology officer of 1Password, provided more details and said customer information was not affected.
“On April 27, between 9:03 PM and 9:26 PM ET, 1Password experienced a brief outage. This was not a security incident, and customer data was not affected in any way,” Canahuati said.
“Client apps displayed an incorrect message stating: Your secret key or password was recently changed. Enter your new account details to continue.”
However, as Canahuati explained, no such change had taken place. The false alerts were triggered when 1Password’s US servers responded with login denials to a spike in sync requests that followed the back-end database migration.
Client applications incorrectly interpreted the error code sent from the servers and displayed incorrect password change alerts on client devices in the US region.
However, these alerts did not go unnoticed, as 1Password users worried that their accounts had been hacked or that the company had suffered a security incident.
Traffic in the US 1Password environment returned to normal by 9:26 PM ET on April 27, with no additional failed login attempts detected.
By April 28, monitoring of the service's health showed no additional error messages, and the fixes were confirmed to be working as expected.
Although the company did not mention it, this was not the first time such errors appeared on users’ devices: some reports date back to December 2022, from users who said they had never changed their secret key or passwords.
At that time, 1Password team members directed affected customers to contact the company’s support team to provide more details so the issue could be investigated further.
Since 1Password has posted no further updates, previous instances of such notifications are likely related to minor incidents affecting a much smaller number of customers.
Canahuati added today that 1Password will use data collected during last week’s incident to understand the root cause and improve database migrations and error handling.
“We take the safety of your data and the stability of our systems very seriously and will continue to work hard every day to earn the trust you have placed in us,” Canahuati said.