Compromised websites wrong

jimger

Hi, on the android version of 1Password it has some sites that have been compromised in the past and have already changed the password after that day. 1Pass for windows recognises that correctly. For android though it doesn't. So there is a mismatch between windows and android and the windows is the correct one

---

1Password Version: 7.6b7
Extension Version: Not Provided
OS Version: Android 10
Sync Type: Dropbox

ag_ana

Hi @jimger!

Can you please tell us what websites this is happening with so we can test them? Thank you!

jimger

Instagram, Facebook, 1Password Forum.
But I doubt it has to do anything with the site. I would assume it is some kind of bug in Android that checks when password is actually updated (and relate to breach update). As said on windows it is fine

peri

@jimger Thanks! Can you let me know what other devices you're using, and if you happen to recall which device and version of 1Password was used to change the password?

Also, if you click the Learn more about this security breach link in the Android notification, it should show you the breach date. Were these passwords changed close after this date, or does it look like there's a lot of time between the breach date and the password change?

jimger

Let's take Instagram.
Breach happened, March 21, 2019.
I do have password history from 25th March 2019 and before. I don't know when current password set but after March 25. Last modified may 7th 2020. But I think the last edit is because I clicked edit and save to see if the error is fixed

peri

Thanks for the info. I'm seeing the same behavior with one of my Logins, and I'll report this to our developers.

ref: dev/android/onepassword-android#1159

Dak

Same issue in iOS for Instagram and PCPlus. I changed the passwords, the password date is after the compromise date, and it’s still flagged.

ag_preet

Hi @Dak, can you make sure that 1Password is updated to the latest version and let me know if that fixes the issue?

crazycaveman

I'm experiencing this same issue with Facebook (in both Android app 7.7.1 and the Windows app 7.6.785). I just switched to 1Password within the last month, noticed the notification and changed my password there, but the alert never went away. I imported the password from my old KeePass DB, so it has the history still attached. For further context, the Facebook breach date listed in the alert is March 21, 2019 but I changed my password there on September 29, 2020.

ag_audrey

@crazycaveman, thanks for reporting this! This is a known bug that we are currently working on.

To help us further dig into this issue, would you mind sending a diagnostics report from your Android device: https://support.1password.com/diagnostics/?android.

Please attach the diagnostics to an email addressed to support+forum@agilebits.com.

With your email, please include:

• A link to this thread: https://1password.community/discussion/113433/compromised-websites-wrong
• Your forum username: crazycaveman

You should receive an automated reply from our BitBot assistant with a Support ID number.  Please post that number here, so I can track down the diagnostics and ensure that this issue is dealt with.

Once I see the diagnostic report, I'll be able to better assist you. Thank you in advance!

donpeppi

I have the same issue with facebook. Sais "Compromised Website". Its only on the Android version. On my PC it recognize that I have updated the password..

ag_audrey

@donpeppi, I'm sorry to hear that. Just like my instructions right above, could you send a diagnostics report from your Android device: https://support.1password.com/diagnostics/?android. Be sure to include your forum username, not the above one.

Once you've sent it over, please let us know here. Thank you in advance!