watchtower breach notifications

wrwatkwrwatk
edited November 15 in Windows

Hi,

Please could someone enlighten me on Watchtower? i.e when does it sync with the haveibeenpawned database, when does it check? I understand how it all works etc and what the function of Watchtower is, but I am concerned that Watchtower is set to notify me of the breach that 123rf has suffered.

Haveibeenpawned & Firefox Monitor have both sent me emails saying my email address etc has been exposed in a breach at 123rf but 1password watchtower says everything is good and there are no breaches. Confirmed this by using the Watchtower report and checking the 123rf URL and it comes back saying "No password breaches for 123rf.com have been found." Link: https://watchtower.1password.com/report/123rf.com

Really concerning from a security and notification perspective and sort of defeats the purpose.

Attached are references to the Firefox monitor, email from haveibeenpawned & 1Password Watchtower


1Password Version: 7.6.786
Extension Version: Not Provided
OS Version: Windows 10 20H2
Sync Type: 1Password Cloud
Referrer: forum-search:watchtowe

Comments

  • ag_anaag_ana

    Team Member
    edited November 15

    Hi @wrwatk!

    Thank you for reporting this! I have let our developers know that they should take a look at the website :+1:

    ref: dev/web/watchtower.1password.com#57

  • wrwatkwrwatk
    edited November 15

    Hi @ag_ana

    Thanks for coming back to me. I can see that the status has now changed, but what I do not understand Is why watchtower within 1Password, still does not show the breach and I havent been notified by the IOS App?

    Sort of makes the feature of watchtower a little useless?

  • GregGreg

    Team Member

    Hi @wrwatk,

    If you check your 123rf password on the Pwned Passwords search page: https://haveibeenpwned.com/Passwords, not on the home page of haveibeenpwned that is designed for checking email addresses, does it return any results? Please clarify.

    Thanks! :+1:

    Cheers,
    Greg

  • Hi @Greg

    Thanks for coming back to me.
    I fully understand how haveibeenpawned works and what is required to search for beaches.

    What I would like to know is why hasn’t the watchtower in 1Password alerted me or notified me of the breach?

  • GregGreg

    Team Member

    @wrwatk: I think there is a misunderstanding happening.

    "Compromised Websites" in Watchtower are not coming from haveibeenpwned service. We maintain the list of compromised websites ourselves and your report of 123rf is appreciated. I believe that it will be added to Watchtower soon. Sorry for this inconvenience. :frown:

    Let me know if it answers your question. Thank you!

    ++
    Greg

  • Hi @Greg

    Thank you, and that explains it all.
    Appreciate you coming back to me.

  • GregGreg

    Team Member

    @wrwatk: You are very welcome! :) I am glad to hear that we managed to get to the bottom of this together.

    Please feel free to reach out to us anytime, we are always ready to help you with 1Password and answer your questions. Thanks!

    ++
    Greg

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file