1Password forum is a compromised website?
I was truly surprised to see that the 1Password forum (discussions.agilebits.com) came up as a Compromised Website in Watchtower. The warning says, "This website was affected by a security breach since you last changed your password." Is that true?
1Password Version: 7.3.2
Extension Version: 1.16.2
OS Version: macOS 10.15.1
Sync Type: Not Provided
Comments
-
Yes, see this post by jpgoldberg at the top of the forum: https://discussions.agilebits.com/discussion/109038/forum-password-reset#latest
0 -
Ok, that explains the warning I got :lol:
I will say this, this was fast. How many companies have issues and we find out months or even years later?
0 -
I did not get a password reset email. Others?
Also https://watchtower.1password.com/report/agilebits.com (as shown in the red Watchtower alert to learn more about the breach) says "No password breaches for agilebits.com have been found."...
0 -
I didn't get a password reset email either. I only learned about the breach through my personal Watchtower (in 1Password.com).
0 -
I will say this, this was fast.
Indeed it was, @prime. Their timeline really is impressive. Take a look at their report from earlier today: https://status.vanillaforums.com/incidents/2zdqxf3bt7mj
How many companies have issues and we find out months or even years later?
Speaking generally and not about this incident, it is worth noting that sites and services don't become aware of a breach until well after the fact (if ever). There is an adage along the lines of, "there are two kinds of services. Those who know they've been breached and those who don't know it yet." While that is too pessimistic (and I honestly don't believe that we fit into either of those), it is why we've designed 1Password to keep you safe in the event of a breach of our systems. This was there from the very start of our first sketches of the service: Users must be protected in the event of a compromise of the servers. Another way I like to put it is, "we don't plan on being breached, but we definitely plan for the possibility."
I did not get a password reset email. Others?
I haven't either, @XIII. I've got no specific knowledge or insight into this incident, but some fixes and mitigations can be deployed more quickly than others.
0 -
I was shocked when I saw this message ^^
But in the Options, Watchtower is not active, but I got the vulnerable message in 1P X.
Or do I understand the option wrong?
(Hope this text will soon be translated into German.)
@prime I agree with you 1000%. If only everyone handled our data that way.
0 -
Oh.. Ok, I understand.
For Security:
Would it be worth considering integrating 2 factor authentication into the forum?
0 -
I'm not sure that's even an option, or that it makes sense in this case, but it's something we can look into.
0 -
Why does the https://watchtower.1password.com/report/agilebits.com page say "No password breaches for agilebits.com have been found."?
0 -
To clarify, there have been no password breaches for agilebits.com or discussions.agilebits.com; but in the latter case the precaution of password resets has been taken because of potential exposure of user information, as outlined in the announcement.
0 -
FYI, I happen to be on this forum on 15Nov2019. While logging in using my iPad, I noticed a big red bar on top of the AgileBits forum login in 1Password, basically saying to change my password.
So I did, on my iPad, with a few clicks. No big deal.
No big deal, except, thanks to Watchtower I knew to change the password. I would have never noticed that there was a breach without the Watchtower notification. I did not even know that this forum runs on vanillaforums. And thanks to 1Password I do not need to know. Just changed my password. Simple. A new 19 or so random character password was set for this forum.
Thanks for making this easy.
0