1Password reassures users following password change notification scare

1Password password manager
(Image credit: 1Password)

Popular password manager 1Password caused its users a scare when it sent them a message saying their password had been changed, leading them to speculate the worst - that they'd been hacked.

However, CTO Pedro Canahuati has clarified that the messages were sent in error, and came as a result of a brief service outage, not a breach of the best password manager for families.

The scheduled maintenance report on the company's website states that the messages "[appear] to be an unintended side effect of the maintenance. Please ignore this message – neither your account password nor your Secret Key has been changed."

Fearing the worst

Canahuati further reassured customers that the message, which read 'Your Secret Key or password was recently changed. Enter your new account details to continue,' did not mean that "customer data was not affected in any way."

1Password was migrating its backend databases, which triggered a surge in sync requests which the servers responded to by rejecting the sign-ins. The user client apps then mistakenly interpreted the error code from the servers and sent out password change alerts to US customers instead.

The traffic to the servers became stable again on April 27 in the evening, with no more failed sign-in attempts detected after this point. The next day, no more error messages were showing. 

A similar incident occurred in December last year, as users were getting the same password change message. Little is known about the cause of this issue, but users were directed to contact the support team and 1Password, and since no more has been heard on the issue, it is assumed that it was once more only a minor error. Far fewer customers were affected too.

Canahuati said 1Password will be looking into the cause of this error from last week's incident to improve database migration and error handling, adding that: "we take the integrity of your data and the stability of our systems very seriously and will continue to work hard every day to earn the trust you've placed in us."

Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.