"Add these logins" in Watchtower's Breach Report is blank
When I log in to my.1password.com, go to Watchtower -> Breach Report and click on "Run report", it opens up a dialog box that says "Your data was found in 9 breaches ... We've searched the haveibeenpwned.com database..." Below that, in the same dialog box, it says "Add these logins to your vault & change passwords", but below that there's nothing. The dialog box just ends there.
Is this a bug? Does it mean none of my passwords need changing, or that all the breached logins are already in my vault?
1Password Version: Not Provided
Extension Version: 1.14
OS Version: Ubuntu 18.04
Sync Type: 1Password
Referrer: forum-search:Breach report blank
Comments
-
Hey @smtchahal!
I've just recreated your issue and do believe this is a bug. Thanks so much for bringing this to our attention! ❤️
I don't personally work on the 1Password web app, but I've opened a new issue (5589) with that team on your behalf. Until that get's resolved, you can manually search for your email address in the haveibeenpwned.com (HIBP) database. You should see the same nine breaches listed there that the 1Password Web App found when using the HIBP API, but if you don't, please let us know. I highly recommend changing your password for anything site listed in the HIBP database if you haven't already.
Have a great week and thanks for using 1Password! 💙
Beyer
ref: b5/b5#5589
0 -
@smtchahal: That sounds about right. Some breaches don't provide us enough actionable information for users to do anything. For example, if HIBP doesn't know the website that the breach occurred on or if it was only personal information and not a password related breach, we can't suggest for users to change their password.
For example, when I look at one of my older email addresses, it indicates that it was found in the
"River City Media" and the "B2B USA Businesses" spam lists.This is a relatively new feature, so perhaps @Jasper can stop in and give us all of the details on what we do and don't include in Watchtower. He will likely be the one fixing the bug you found as well. 😉
Cheers,
Beyer
0 -
Yeah we filter the HIBP breach list a little bit, for us to show them they need to include:
- a domain (if it's not tied to a specific website there's not really an action that can be taken in terms of adding that site to 1Password)
- passwords leaked in the breach (again, the only action 1Password suggests is changing your password)
- the verified flag (just to be sure that they're 100% legitimate)
And we'll get that bug with no breaches being listed fixed up, thanks for the report!
0 -
Good to know, thanks!
0 -
I learnt something from this as well :smile:
0