[yellow_postit]

A bit light on details but seems "Requested a report of administrative users" was the main outcome disclosed which I assume means further phishing and attack vectors on 1Password admins.

Any other takes?

[TedDoesntTalk]

I’m confused why 1Password publicly reported this if there was no damage.

[beart]

I'm encouraged by this, and the steps they took to implement additional precautions for the future. I would guess that was the goal of this release.

[aaomidi]

This is effectively best security practices IMHO.

[Auguste]

I appreciate their transparency. I'm not a 1Password customer, but this earned some respect from me.

[bananapub]

what's confusing?

1. because people want to know if their for-money proprietary password storage company got hacked 1. because if in the future they actually get owned, "oh yeah, it sorta happened another time also but we didn't say anything" is a terrible look

[politelemon]

It's almost a standard practice now, most companies do this.

[batmansmk]

Bingo.