Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
Solved
Passkeys in a compromised account
In today's (2/26) Wall Street Journal is an article about someone whose 1Password account was hacked via Github malware with the hacker gaining access to the poor guy's vault(s). He did not have 2FA...
Hey JAC3467! đź‘‹
First, to address the core concern that some folks might have upon jumping into this thread: 1Password itself was not hacked. In this case, the attacker compromised the individual’s local device and intercepted their Account Password using a keylogger, which allowed them to log into 1Password. Once a device is compromised, an attacker can gain nearly unrestricted access.
While enabling 2FA on your 1Password account is a great security measure, it would not have prevented this specific attack. 2FA on your 1Password account helps protect against unauthorized access from new or untrusted devices—but since the attacker was logging in from the victim’s already-authorized device, 2FA wouldn’t have applied in this scenario.
To guard against attacks that exploit compromised devices, you should:
- Ensure device integrity — keep your devices free from malware by installing security updates, enabling built-in security features, and using endpoint protection tools that actively detect and prevent threats.
- Trust only verified sources — download software exclusively from trusted providers. Avoid unverified applications that could contain hidden malware.
- Strengthen authentication for critical accounts —use phishing-resistant authentication methods like hardware security keys (e.g., YubiKey) or a separate authenticator app to reduce the risk of credential compromise.
- Limit exposure from browser extensions — review and disable unnecessary or untrusted extensions, as they can introduce vulnerabilities that attackers may exploit.
What I DONT understand about this article is how the secret key didn’t serve as a second factor of sorts and how they exfiltrated the 1Password data .
Exactly. The victim in this case sounds to be fairly sophisticated and knowledgeable from a technical standpoint, so what attack vector was used?
About the only scenario I can think of is that he logged into his 1P ACCOUNT at 1P.com using his Secret Key & PW for some reason vs unlocking his local app using his pw rather than biometrics (I use touch ID on my Mac except when required to use my pw once a month or so).
...still looking for more specifics to assure that I don't have a similar open door... Hopefully, AgileBits is investigating and will provide a comprehensive blog post...
