I recently had my google chrome hacked and they had access to all my passwords. the hack is similar to a scam that was happening with youtube channels, where a copy of the google chrome profile is practically saved and the hacker already has all the accounts currently logged in. my fear is to be hacked again and because I am logged into 1password this hacker has access to all my passwords in the vault again. can anyone answer this question of mine?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
It’s called session (cookie) hijacking, which usually allows the attacker to bypass 2FA. With that being said, they wouldn’t be able to access your vault without your Master Password. If you have your Emergency Kit PDF document on a cloud service that was hijacked, they’d have access to your Master Password. Hopefully you weren’t signed in to a cloud service with the document in it in the browser that was affected.
Hi there @maicoitalo
As @Stellarspace mentioned (thank you!), no one can access your 1Password data without your account password. Even if you had 1Password.com open at the time of such an attack, your account password wouldn't have been sent anywhere, since we use Secure Remote Password to sign you in to 1Password.com – your account password and Secret Key aren't ever transmitted to us.
The Emergency Kit that's generated for you doesn't contain your account password (because we don't know it), so even if you do store it somewhere, and that file was accessed, it wouldn't have everything that an attacker would need to access your account, unless you've annotated the file yourself. Our recommendation is to print the Emergency Kit, write your account password on it, and keep in a safe place along with your passport, financial documents, or similar documents.
Please let me know if you have any questions, or would like any further help. :)