Compromised websites wrong

jimger
jimger
Community Member

Hi, on the android version of 1Password it has some sites that have been compromised in the past and have already changed the password after that day. 1Pass for windows recognises that correctly. For android though it doesn't. So there is a mismatch between windows and android and the windows is the correct one


1Password Version: 7.6b7
Extension Version: Not Provided
OS Version: Android 10
Sync Type: Dropbox

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @jimger!

    Can you please tell us what websites this is happening with so we can test them? Thank you!

  • jimger
    jimger
    Community Member

    Instagram, Facebook, 1Password Forum.
    But I doubt it has to do anything with the site. I would assume it is some kind of bug in Android that checks when password is actually updated (and relate to breach update). As said on windows it is fine

  • @jimger Thanks! Can you let me know what other devices you're using, and if you happen to recall which device and version of 1Password was used to change the password?

    Also, if you click the Learn more about this security breach link in the Android notification, it should show you the breach date. Were these passwords changed close after this date, or does it look like there's a lot of time between the breach date and the password change?

  • jimger
    jimger
    Community Member
    edited May 2020

    Let's take Instagram.
    Breach happened, March 21, 2019.
    I do have password history from 25th March 2019 and before. I don't know when current password set but after March 25. Last modified may 7th 2020. But I think the last edit is because I clicked edit and save to see if the error is fixed

  • Thanks for the info. I'm seeing the same behavior with one of my Logins, and I'll report this to our developers.

    ref: dev/android/onepassword-android#1159

  • Dak
    Dak
    Community Member

    Same issue in iOS for Instagram and PCPlus. I changed the passwords, the password date is after the compromise date, and it’s still flagged.

  • Hi @Dak, can you make sure that 1Password is updated to the latest version and let me know if that fixes the issue?

  • crazycaveman
    crazycaveman
    Community Member
    edited October 2020

    I'm experiencing this same issue with Facebook (in both Android app 7.7.1 and the Windows app 7.6.785). I just switched to 1Password within the last month, noticed the notification and changed my password there, but the alert never went away. I imported the password from my old KeePass DB, so it has the history still attached. For further context, the Facebook breach date listed in the alert is March 21, 2019 but I changed my password there on September 29, 2020.

  • @crazycaveman, thanks for reporting this! This is a known bug that we are currently working on.

    To help us further dig into this issue, would you mind sending a diagnostics report from your Android device: https://support.1password.com/diagnostics/?android.

    Please attach the diagnostics to an email addressed to [email protected].

    With your email, please include:

    • A link to this thread: https://1password.community/discussion/113433/compromised-websites-wrong
    • Your forum username: crazycaveman

    You should receive an automated reply from our BitBot assistant with a Support ID number.  Please post that number here, so I can track down the diagnostics and ensure that this issue is dealt with.

    Once I see the diagnostic report, I'll be able to better assist you. Thank you in advance!

  • donpeppi
    donpeppi
    Community Member

    I have the same issue with facebook. Sais "Compromised Website". Its only on the Android version. On my PC it recognize that I have updated the password..

  • @donpeppi, I'm sorry to hear that. Just like my instructions right above, could you send a diagnostics report from your Android device: https://support.1password.com/diagnostics/?android. Be sure to include your forum username, not the above one.

    Once you've sent it over, please let us know here. Thank you in advance!

This discussion has been closed.