watchtower breach notifications

wrwatk
edited November 2020 in Windows

Hi,

Please could someone enlighten me on Watchtower? i.e. when does it sync with the haveibeenpwned database, when does it check? I understand how it all works etc. and what the function of Watchtower is, but I am concerned that Watchtower is set to notify me of the breach that 123rf has suffered.

Haveibeenpwned & Firefox Monitor have both sent me emails saying my email address etc. has been exposed in a breach at 123rf, but 1Password Watchtower says everything is good and there are no breaches. Confirmed this by using the Watchtower report and checking the 123rf URL, and it comes back saying "No password breaches for 123rf.com have been found." Link: https://watchtower.1password.com/report/123rf.com

Really concerning from a security and notification perspective and sort of defeats the purpose.

Attached are references to the Firefox Monitor, email from haveibeenpwned & 1Password Watchtower.


1Password Version: 7.6.786
Extension Version: Not Provided
OS Version: Windows 10 20H2
Sync Type: 1Password Cloud
Referrer: forum-search:watchtowe

Comments

  • ag_ana

    Team Member
    edited November 2020

    Hi @wrwatk!

    Thank you for reporting this! I have let our developers know that they should take a look at the website :+1:

    ref: dev/web/watchtower.1password.com#57

  • wrwatk
    edited November 2020

    Hi @ag_ana

    Thanks for coming back to me. I can see that the status has now changed, but what I do not understand is why Watchtower within 1Password still does not show the breach and I haven't been notified by the iOS app?

    Sort of makes the feature of Watchtower a little useless?

  • Greg

    Team Member

    Hi @wrwatk,

    If you check your 123rf password on the Pwned Passwords search page: https://haveibeenpwned.com/Passwords, not on the home page of haveibeenpwned, which is designed for checking email addresses, does it return any results? Please clarify.

    Thanks! :+1:

    Cheers,
    Greg

  • Hi @Greg

    Thanks for coming back to me.
    I fully understand how haveibeenpwned works and what is required to search for breaches.

    What I would like to know is why hasn't the Watchtower in 1Password alerted me or notified me of the breach?

  • Greg

    Team Member

    @wrwatk: I think there is a misunderstanding happening.

    "Compromised Websites" in Watchtower are not coming from the haveibeenpwned service. We maintain the list of compromised websites ourselves and your report of 123rf is appreciated. I believe that it will be added to Watchtower soon. Sorry for this inconvenience. :frown:

    Let me know if it answers your question. Thank you!

    ++
    Greg

  • Hi @Greg

    Thank you, and that explains it all.
    Appreciate you coming back to me.

  • Greg

    Team Member

    @wrwatk: You are very welcome! :) I am glad to hear that we managed to get to the bottom of this together.

    Please feel free to reach out to us anytime, we are always ready to help you with 1Password and answer your questions. Thanks!

    ++
    Greg

  • ag_ana

    Team Member

    @wrwatk:

    I wanted to send you a quick update to let you know that we have updated the Watchtower database; it now shows the breach information you reported :)

    https://watchtower.1password.com/report/123rf.com

  • If it takes 10 months to get a listing into your Watchtower database, honestly, this database is of no use. If a security breach gets known, it's crucial to notify people immediately to enable them to react immediately, not after 10 months. In this case I'm happy I kept my subscription to Have I Been Pwned's breach notification, because this gets me a notification as soon as the breach gets known.

  • ag_ana

    Team Member

    @Tertius3:

    We appreciate the feedback, thank you!
