This incident has been resolved.

The fix for the identified 2FA issue has been resolved as of version 8.12.4. The Sign-In attempts policy will become available in the coming weeks.

Incident Postmortem - 1Password Browser Extension Code Syntax Rendering Issue

Customer impact began (stable rollout start): 2025-12-09

Investigation Started: 2025-12-17

Incident Declared (UTC): 2025-12-30 13:13

Fixed Release First Available: 2026-01-01

Fixed Release Fully Available and Verified: 2026-01-05

Incident Marked Resolved (UTC): 2026-01-05 02:15

Service(s) Affected: 1Password browser extension

Summary

The 1Password browser extension, which works by injecting code into web pages, inadvertently included code from PrismJS, a third party dependency, breaking syntax highlighting on some websites that display code blocks. The issue was reported in beta in early December, escalated after additional customer reports and a report from an external partner, and required releasing a stable update to remove the problematic dependency chain. This issue affected page rendering only and did not expose vault data or credentials.

Impact on Customers

Customers experienced broken code-block syntax highlighting on websites with <code> HTML elements while using the 1Password browser extension version 8.11.22 across all major browsers.

• Code snippet rendering issue: Syntax highlighting for code blocks was broken on sites that display code snippet; impacted sites included developer documentation pages, technical forums, and blogs with code snippets.
• Browser scope: Reported in Chromium-based browsers initially, and confirmed to affect all major browsers.
• Customer reports: Started in beta with a single report on December 3, 2025, with additional reports in stable December 15–16, 2025. From December 9, 2025 through January 3, 2026 we received 55 unique customer reports. The issue was later observed in stable and amplified via social media.

What Happened?

The injected content script in the 1Password browser extension was able to include UI-related dependencies from other parts of the 1Password codebase in a context where they should not exist. This happened due to a small change that accidentally pulled in additional libraries caused by insufficient restrictions/guardrails on what dependencies could be imported into injected scripts.

• Detection and Escalation:

  On December 3, 2025, we received a beta report that syntax highlighting was broken when the 1Password extension was enabled. That report was incorrectly tagged and did not reach the owning team for timely triage, so we did not recognize it as a potential release blocker before version 8.11.22 rolled out to stable on December 9, 2025.

  On December 17, 2025, an external partner reported the issue affecting stable. That report was routed correctly, we connected it to the earlier beta issue, and we began investigation and remediation.

• Timeline of Events (UTC):

  • 2025-12-03: Internal ticket created after beta report of broken syntax highlighting.
  • 2025-12-09: Bug released to stable version 8.11.22.
  • 2025-12-15 to 2025-12-16: Three additional customers reported the issue (not yet routed to the owning team).
  • 2025-12-17: An external partner reported the issue affecting stable via a shared Slack channel; the Filling & Saving team began investigation.
  • 2025-12-22: Fix merged (script pruning applied broadly to remove PrismJS from injected scripts).
  • 2025-12-30: Reports surfaced that social media users observed the issue; stable update coordination began.
  • 2025-12-31: Releases published across all browser platforms.
  • 2026-01-01: Release approved by web stores.

• Root Cause Analysis: We did not have an enforced dependency boundary for injected content scripts, which allowed unexpected UI and runtime dependencies to be bundled into the page-injected context.

• Trigger: A new import introduced an indirect dependency chain from an injected script to a UI module and ultimately to PrismJS.

• Contributing Factors (if any):

  • Mis-triage of beta report
  • Missing side-effect regression tests

How Was It Resolved?

We removed PrismJS from the scripts the extension injects into web pages by eliminating the import chain that pulled it into the injected bundle. We then shipped an updated extension across all supported browsers.

• Mitigation Steps:

  • Coordinated releasing a stable update once stable impact and broader visibility were confirmed.

• Resolution Steps:

  • Fix merged on 2025-12-22.
  • Fix was applied to the previous stable release.
  • New beta/stable builds created and published across platforms.
  • Fix approved by web stores as of 2026-01-01.
  • Releases published across nightly, beta, and stable.
  • Because extension updates roll out via browser web stores and auto-update schedules, we consider the fix fully available once all stores had approved the release and we verified the issue could no longer be reproduced on known affected sites.

• Verification of Resolution:

  • We tested the new builds on known affected websites, validating that code block formatting is working as expected.
  • We confirmed that the browser extension build no longer contained the PrismJS library.

What We Are Doing to Prevent Future Incidents

• Added lint rules to block disallowed imports into injected scripts.
• Added internal documentation describing how to avoid dangerous imports and the potential impacts.
• Ensure new lint rules to prevent dangerous imports are blocking in CI pipelines.
• Add an automated test to internal testing sites to ensure injected content scripts don’t introduce side effects.
• Implement automated rules + a triage SLA so new beta issues are reviewed by the owning team before stable release decisions.
• Ensure bundle size changes are blocking changes, enforced by our automated build systems as part of the code review process.

Next Steps and Communication

• Most browsers will auto-update extensions via their web stores. If the issue persists, customers should manually check for updates and verify they are on the fixed extension versions (8.11.27 and newer). Customers can verify their version in their browser’s extension/add-ons settings (1Password extension version 8.11.27 or newer).
• We will continue monitoring for regressions and follow up on guardrails (blocking lint rules, bundle-size checks, and automated website-side-effect tests).

We are committed to providing a reliable and stable service, and we are taking the necessary steps to learn from this event and prevent it from happening again. Thank you for your understanding.

Sincerely,

The 1Password Team

This incident has been resolved.

This incident has been resolved.

This incident has been resolved.

Incident Postmortem - Cloud Services Degraded

Date of Incident: 2025-11-18

Time of Incident (UTC): 5:03pm UTC - 6:05pm UTC

Service(s) Affected: SSO, sign in, sign up, CLI, web interface, access to vault content and other items, admin console, MFA

Impact Duration: ~60 mins

Summary

On November 18, 2025, at 5:03 PM UTC, 1Password experienced degraded and temporarily unavailable cloud services for customers in the US region. The issue was caused by database resource exhaustion, causing operations to fail and connections to be rejected. This was not a security incident and no customer data was impacted. The issue was resolved by resizing the database to restore normal performance and ensure additional capacity for future growth.

Impact on Customers

• Single Sign-on (SSO), Multi-factor Authentication (MFA): Users with SSO or MFA enabled experienced delays, and in some cases failures to log in.
• Browser Extension: Users who needed to authenticate via the web interface were unable to unlock their vaults.
• Web Interface, Administration: Customers were unable to log in, sign-ups failed, syncing between devices was not functioning, access to vault and other items were unavailable and the admin console was not reachable.
• API Access: CLI users and API requests received timeout errors and slow responses.
• Number of Affected Customers (approximate): All customers utilizing cloud interfaces and APIs in the affected region for the duration of the incident.
• Geographic Regions Affected (if applicable): US/Global.

What Happened?

• Timeline of Events (UTC):

  • 2025-11-18 4:59pm: Automated monitoring detects increased errors
  • 2025-11-18 5:03pm: Team began investigating
  • 2025-11-18 5:09pm: Servers restarted, service is still degraded
  • 2025-11-18 5:23pm: Public status page updated to Investigating and services Degraded
  • 2025-11-18 5:25pm: Servers scaled down to reduce database load
  • 2025-11-18 5:41pm: Database instance size upgrade started
  • 2025-11-18 5:44pm: Potentially problematic cron job disabled
  • 2025-11-18 5:56pm: Services slowly started to scale up
  • 2025-11-18 5:57pm: Services started to come back as the database instance resize completes
  • 2025-11-18 6:05pm: Incident marked as Identified
  • 2025-11-18 6:05pm: Team continues to monitor, performance has returned to normal levels
  • 2025-11-18 6:23pm: Incident marked as Monitoring and services Operational
  • 2025-11-18 7:16pm: Incident marked as resolved

• Root Cause Analysis: The refactor of a feature increased the impact of a poorly performing query that had previously gone undetected. The result was the exponential increase in resource consumption for the main database. Once resources were fully exhausted, the service rejected connections and all requests failed.

• Contributing Factors (if any):

  • Non-performant queries
  • Database under-provisioned

How Was It Resolved?

• Mitigation Steps:

  • Background services were halted to reduce load on the database.
  • Application servers were scaled down to further reduce load.

• Resolution Steps: Increasing the database instance size resolved the issue.

• Verification of Resolution: Monitoring metrics were closely observed to ensure error rates returned to normal and database performance had stabilized.

What We Are Doing to Prevent Future Incidents

• Improving monitoring: We are updating our monitoring systems to better detect database issues like this before impacting customers.
• Improve database performance: We are refactoring the responsible query to improve performance and reduce load, and tuning the background service to prevent resource contention.

Next Steps and Communication

No action is required from our customers at this time.

We are committed to providing a reliable and stable service, and we are taking the necessary steps to learn from this event and prevent it from happening again. Thank you for your understanding.

Sincerely,

The 1Password Team

This incident has been resolved.

This incident has been resolved.

This incident has been resolved.