Skip to main content

1Password value modification

ID:1password_modification
Data type:1Password
Severity:
Informational
MITRE ATT&CK:TA0006:T1555

Description

AlphaSOC detected value modification in 1Password. This indicates changes to credentials or other sensitive data stored within 1Password vaults. While this is often a legitimate action performed by authorized users, threat actors who gain unauthorized access to password management systems can modify existing entries to maintain persistent access or lock out legitimate users by altering authentication details.

Impact

Unauthorized modification of 1Password entries could compromise the integrity of stored credentials across the organization. This may lead to loss of access to critical systems and services if threat actors modify or delete password entries.

Severity

SeverityCondition
Informational
1Password value modification

Investigation and Remediation

Review 1Password audit logs to identify the specific entries that were modified and the user account that made the changes. Verify whether these changes were authorized. If unauthorized, immediately revoke the compromised user's access, reset credentials for affected vaults, conduct a comprehensive audit of all stored credentials that may have been accessed, and initiate password resets for any potentially compromised accounts.