URGENT: SUSPECT SIGNINS TO MY FAMILY ACCOUNT VIA UNKNOWN DEVICES USING SAFARI

matscotca
matscotca
Community Member
edited April 2023 in Families

As of 4/5 I started getting email alerts from 1Password re "New SignIn" from locations I do not recognize in different states all over the country, using OS versions that don't make sense. To date I've gotten 7 or so.

Ex. 10.15.7 in Safari shows even for "Current Device" which should be the real me (correct URL) even though I'm running Ventura 13.3.1

The ones that concern me vastly more don't have any URL (they use a long alpha-numeric string that is broken by colons and which resembles what my legitimate iPhone signing looks like but are not identical to the one for my iPhone) and come from somewhere I (and no one in my family) are located. Sometimes identified ed as a State, sometimes as a City.

As soon as I get one of these email alerts I log in to my family account and "Deauthorize" the suspect SignIn (after I first click on "Require 2FA next time".)

When this first began I changed my Masterpassword and got a new Secret Key but this continued.

I've sent all the emails to Customer Support on Friday for evaluation after they replied to my original request for help by asking for them. I have heard nothing since then.

But this is a long weekend, these signings continue to average 1 or 2 a day and I can't understand how this is happening particularly since I've always used 2FA.

If anyone has any advice I can use right now I would be very grateful.

ref: AIH-63112-621


1Password Version: 1Password 7 Version 7.9.9
Extension Version: (70909001)
OS Version: 13.3.1 (22E261)
Browser:_ Safari 16.4 (18615.1.26.11.23)

Comments

  • nimvio
    nimvio
    Community Member
    edited April 2023

    @matscotca, I just checked my account. My "current device" (I'm viewing it in Safari with all the latest Apple OS's & software versions) also shows the OS version as 10.15.7. However, it shows the correct OS version for the desktop app itself. Also, the numbers and colons thing is an IPv6 address most likely. That's how IP addresses are formatted as the world (literally) transitions to IPv6.

    If you search Google for a website that tells you what OS it detects, it also says 10.15.7. As far as the "current device" OS number issue and the IPv6 address (numbers & colons) issue, you're fine. Also, you did the right thing and changed your Secret Key and Master Password. Unless there's something I'm missing, you should be good.

    But great job keeping an eye out!

  • matscotca
    matscotca
    Community Member

    Thanks for this. Good to know those strings are iP6 related. Do they replace the more traditional URL format I see elsewhere?

    Also appreciate your info re 10.15.7 probably not meaning anything dire.

    I am still very concerned about these other New Signins from all over the U.S. I've noticed that when I've Deauthorized my own devices to test, after signing in again the login page requires the Secret Key again and then asks for 2FA authentication. Thereafter it only requires the username and password and doesn't ask for 2FA (but shows the first 7 or so characters at the beginning of the key.)

    Again, I don't know how a New Signin from devices that are not mine are still logging in without 2FA!

    More importantly I don't know how they had my credentials starting on the 5th to begin with and apparently STILL have them after I changed the Master Password!!!

  • matscotca
    matscotca
    Community Member

    Until I get an ALL CLEAR from the 1password Support authorities I am stuck in limbo. I intend to change my default email address and many existing passwords ASAP but I feel if I do that right now and they are still getting in that that will not solve anything, obviously.

  • nimvio
    nimvio
    Community Member

    I totally understand you wanting to wait to get a response from 1Password yourself, @matscotca. I'd probably feel the same way. In the meantime, hopefully you feel a little better having heard from someone else. If there's a hacker, it's not unheard of for them to take control of your account and lock you out, and it sounds like that hasn't happened. Good luck!

  • matscotca
    matscotca
    Community Member

    Appreciate your help.

  • Good morning.

    I see my colleague Andrew has responded to your email. If there is further we can do to help with this situation, please reply to Andrew's email. Thank you!

    Ben

  • matscotca
    matscotca
    Community Member

    I am responding to him now. It’s comforting to know that this venue is also on top of my issue. Thanks.

  • 👍️ Did you end up replying to Andrew? I'm not seeing a response. Just wanted to make sure we didn't miss it. 😄

    Ben

  • matscotca
    matscotca
    Community Member

    Not yet.

  • @matscotca

    I've checked with Andrew and it sounds like the matter is resolved, so I'll close this thread.

    If you need any further help, please reply to our most recent email. If you can't find it, please email support+security@1password.com directly.

    — Grey

This discussion has been closed.