Sounds like 1P handled it about as well as they could, and the attacker didn’t get very far.
Yeah, all things considered this is a good case of proper segmentation, working security controls, and good incident response & crisis communication. Compare this to LastPass to illustrate the difference in how it was handled.
Heh, I joined a company that used 1Password. Loved it. I set up a personal account to replace my use of browser built in password management.
The company got acquired and the acquirer replaced it with their corporate solution, LastPass. Then the LP breach happened and they switched to Keeper. Still prefer 1Password.
My company switched to LP after the breach. it chief must have gotten a good deal!
LP is probably very audit-friendly … (in regards to its stored data).
No user data was accessed and even if it had, through the use of the very high-entropy recovery code, it wouldn’t have mattered. 1Password continues to be The Good People™️
