Hi, my wife compromised her computer with malware (running as root) and it is possible a man-in-the-middle daemon tap was included in the joy. :rage: I do some network tapping in my own software dev, though, so I'm not sure yet (it may be something I left behind).
Anyways, since that time, she has added one password to her 1password instance on that computer. What I am wondering is whether 1password is sending updates or other network traffic that could have possibly been listened to. I assume entire payloads of all passwords aren't passed back and forth over the wire, but thought I'd better check to see if I am looking at a possible compromise of my entire 1password collection or just the one that moved over the network during that time.

I know it's easy to say 'reset everything' but before I go nuclear I'd like to know whether I really need to be concerned about the storage I have in 1password even with a successful MITM attack.

Any thoughts/remediation ideas?


    @mnichols1970: 1Password data is end to end encrypted, and has multiple layers of protection for your data even in transit...

    But the reality is that doesn't matter on a compromised machine. An attacker could simply access the data when you did, as it needs to be decrypted locally in order for it to be of any use to you.

    It's important to keep in mind that any secrets that have already been revealed to an attacker cannot be taken back. The best you can do is:

    1. Prevent access to data going forward, by changing the Master Password and Secret Key
    2. Change account passwords that may have been compromised

    That way an attacker would not have your new login credentials and also could not get them by accessing your 1Password data on an ongoing basis. I hope this helps. Be sure to let me know if you have any other questions! :)

