Where should I report a potential security issue?
Dear 1Password team,
I hope this message finds you well and is directed to the appropriate channel for attention and consideration. I have recently identified a potential security issue that could affect the privacy and security of 1Password users.
I understand the sensitivity around reporting such issues, especially when it involves detailed reproduction steps and the potential scope of impact. I am prepared to provide a comprehensive report detailing the exact steps for replication and possible recommendations for mitigating such attacks. I can also provide a brief video demonstration of this issue if necessary.
I am reaching out to inquire where I can send this detailed report and video evidence. I have sent an email about this question (the title) to 1password support and have not received a response. My intention is to ensure that this issue is addressed properly to protect 1Password users against potential security threats.
Thank you for your time and attention to this matter. I look forward to your response and am eager to contribute in any way I can to help safeguard the privacy and security of 1Password users.
Best regards~
1Password Version: 8.10.30
Extension Version: 2.22.1
OS Version: Windows 11
Browser: Chrome
Comments
-
Hi there @FelixJackson26
You should have received an auto-reply from BitBot containing a conversation number in the form ABC-12345-123 – if you can let me know, I'll be able to find your message and make sure it reaches the right team. I look forward to hearing from you. :)
— Grey
1 -
Hello @GreyM1P ,
Thank you for the message. I have received the auto-reply form BitBot, and the conversation number is ABC-12345-123. Could you please let me know what I should do next? Should I directly reply to that email?
I am looking forward to your guidance. Thank you!
Best regards,
FelixJackson26
0 -
Hello @GreyM1P ,
I am really sorry for disturbing you. I have re-checked my inbox and also the spam folder, but it seems that I did not receive the auto-reply from BitBot. I only have received a conversation email from hello @ 1password.community, with your former kind reply.
Should I proceed by replying directly to that email or is there another step I should take to ensure my message gets to the right team?
I appreciate your help in this matter and look forward to your guidance.
Best regards,
FelixJackson26
0 -
Thank you for the reply. I don't see an email from the email address that you use for your forum account, did you use a different email address?
You'll only receive an automatic response if you sent the email to
support+forum@1Password.com, what email address did you send the email to and what was the email's subject line?-Dave
0 -
Dear @Dave_1P ,
Sorry for disturbing you. I have used my 1Password account email to contact the 1Password team. I have received an email from support+security @ 1password.com 50 minutes ago. My 1Password email is [redacted], and the number is #WJP-52386-232.
Can I just send my report to the support+security email?
Thanks for your guidance. I am looking forward to your reply.
Best regards,
FelixJackson26
[Email address removed for privacy, this is a public forum. -Moderator]
0 -
You aren't disturbing anyone my friend, we all appreciate you voicing any security concerns that you may have.
I've removed your email address from your post to protect your privacy. Thank you for posting the Support ID, I've located you ticket and I see that my colleague from our security team did indeed reply to you about an hour ago. Please reply to their email to continue the conversation there.
Since we now have a communication channel open via email, I'm closing this thread.
-Dave
ref: WJP-52386-232
0
