Compromised websites wrong

Hi, on the android version of 1Password it has some sites that have been compromised in the past and have already changed the password after that day. 1Pass for windows recognises that correctly. For android though it doesn't. So there is a mismatch between windows and android and the windows is the correct one


1Password Version: 7.6b7
Extension Version: Not Provided
OS Version: Android 10
Sync Type: Dropbox

Comments

  • ag_anaag_ana

    Team Member

    Hi @jimger!

    Can you please tell us what websites this is happening with so we can test them? Thank you!

  • Instagram, Facebook, 1Password Forum.
    But I doubt it has to do anything with the site. I would assume it is some kind of bug in Android that checks when password is actually updated (and relate to breach update). As said on windows it is fine

  • periperi

    Team Member

    @jimger Thanks! Can you let me know what other devices you're using, and if you happen to recall which device and version of 1Password was used to change the password?

    Also, if you click the Learn more about this security breach link in the Android notification, it should show you the breach date. Were these passwords changed close after this date, or does it look like there's a lot of time between the breach date and the password change?

  • jimgerjimger
    edited May 17

    Let's take Instagram.
    Breach happened, March 21, 2019.
    I do have password history from 25th March 2019 and before. I don't know when current password set but after March 25. Last modified may 7th 2020. But I think the last edit is because I clicked edit and save to see if the error is fixed

  • periperi

    Team Member

    Thanks for the info. I'm seeing the same behavior with one of my Logins, and I'll report this to our developers.

    ref: dev/android/onepassword-android#1159

  • Same issue in iOS for Instagram and PCPlus. I changed the passwords, the password date is after the compromise date, and it’s still flagged.

  • ag_preetag_preet

    Team Member

    Hi @Dak, can you make sure that 1Password is updated to the latest version and let me know if that fixes the issue?

  • edited October 7

    I'm experiencing this same issue with Facebook (in both Android app 7.7.1 and the Windows app 7.6.785). I just switched to 1Password within the last month, noticed the notification and changed my password there, but the alert never went away. I imported the password from my old KeePass DB, so it has the history still attached. For further context, the Facebook breach date listed in the alert is March 21, 2019 but I changed my password there on September 29, 2020.

  • ag_audreyag_audrey

    Team Member

    @crazycaveman, thanks for reporting this! This is a known bug that we are currently working on.

    To help us further dig into this issue, would you mind sending a diagnostics report from your Android device: https://support.1password.com/diagnostics/?android.

    Please attach the diagnostics to an email addressed to [email protected].

    With your email, please include:

    • A link to this thread: https://1password.community/discussion/113433/compromised-websites-wrong
    • Your forum username: crazycaveman

    You should receive an automated reply from our BitBot assistant with a Support ID number.  Please post that number here, so I can track down the diagnostics and ensure that this issue is dealt with.

    Once I see the diagnostic report, I'll be able to better assist you. Thank you in advance!

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file