1Password incident

Login and Sync Issues

Critical Resolved View vendor source →

1Password experienced a critical incident on April 27, 2026 affecting 1Password.com website and Sign in and 1 more component, lasting 1d 3h. The incident has been resolved; the full update timeline is below.

Started
Apr 27, 2026, 02:54 PM UTC
Resolved
Apr 28, 2026, 06:00 PM UTC
Duration
1d 3h
Detected by Pingoru
Apr 27, 2026, 02:54 PM UTC

Affected components

1Password.com websiteSign inSign upSyncing items between your devicesSaving password and other itemsAccess to passwords and other itemsBillingAdmin consoleSSO (Single Sign On)Multi-factor Authentication (MFA)

Update timeline

  1. investigating Apr 27, 2026, 02:54 PM UTC

    We are currently investigating an issue causing errors and increased latency across our services. Customers may experience failures or delays when logging in and syncing, including via CLI.

  2. investigating Apr 27, 2026, 03:08 PM UTC

    Our teams continue to investigate an issue causing errors and increased latency across our services. Customers may experience failures or delays when logging in and syncing, including via CLI. We are actively working to identify the root cause and will provide further updates as more information becomes available.

  3. identified Apr 27, 2026, 03:22 PM UTC

    We are seeing signs of recovery for the issue causing errors and increased latency across our services. Some customers may still experience intermittent failures or delays when logging in and syncing, including via CLI. Our teams continue to monitor the situation closely.

  4. monitoring Apr 27, 2026, 03:41 PM UTC

    Service has largely recovered, and we are continuing to monitor the situation closely. Some customers may still experience intermittent issues with login and syncing, including via CLI.

  5. monitoring Apr 27, 2026, 05:09 PM UTC

    Traffic levels have returned to normal and service performance has stabilized. We are continuing to monitor to ensure full recovery.

  6. resolved Apr 28, 2026, 06:00 PM UTC

    This incident has been resolved.

  7. postmortem May 12, 2026, 03:38 PM UTC

    # 2026-04-27 SEV1 Incident Postmortem - Login and Sync Issues # Incident Postmortem - Login and Sync Issues **Date of Incident:** 2026-04-27 **Time of Incident \(UTC\):** 14:15 - 15:41 **Service\(s\) Affected:** All web APIs **Impact Duration:** Approximately 86 minutes ## Summary On April 27, 2026, [1Password.com](http://1password.com/) experienced a period of elevated error and full service unavailability in our USA/Global region. A defect deployed in application scaling logic caused a cascading failure during peak usage. This resulted in a period of service unavailability for customers in the USA/Global region. This was not a security incident, and there was no loss of data. ## Impact on Customers * **Sign-in and account access:** Customers in the USA/Global region experienced errors or were unable to sign in or access their 1Password accounts between approximately 14:15 and 15:41 UTC on April 27, 2026. * **All 1Password clients:** The disruption applied to all client types, including the web app, CLI, browser extensions, and desktop and mobile applications, for customers connecting through the USA/Global region. * **Geographic regions affected:** Only customers on the USA/Global region were affected. Other regions were not impacted. ## What Happened? We deployed a change to how our services signal their readiness to serve requests, which contained a latent defect. * **Timeline of events:** * **2026-04-27 14:15 UTC** - Load increase triggers issues. * **2026-04-27 14:29 UTC** - Incident declared; response team mobilized. * **2026-04-27 15:41 UTC** - Issue identified and fix deployed. * **2026-04-28 18:06 UTC** - Incident formally resolved following monitoring. ## How Was It Resolved? Our on-call engineering team identified the scaling logic as the cause of the cascading failure and disabled it via a configuration change. Once disabled, capacity was restored, and traffic recovered. A subsequent configuration change was made to prevent this logic from being re-enabled in production environments. ## What We Are Doing to Prevent Future Incidents * **Immediate fix:** We disabled the defective health check logic and locked the configuration to prevent it from being re-enabled in production. * **Retrospective:** We are conducting a full retrospective with the incident responders to identify further improvements to our systems and our response processes. ## Next Steps and Communication * No action is required from our customers at this time. We are committed to providing a reliable and stable service, and we are taking the necessary steps to learn from this event and prevent it from happening again. Thank you for your patience and understanding. Sincerely, The 1Password Team