To protect your privacy: email us with billing or account questions instead of posting here.

My browser data was compromised, and they deleted my Family Account

Werner85
Werner85
Community Member
edited May 6 in Memberships

Even though I am very careful with everything I do, I did download a shady (in hindsight) tool, scanned if for viruses beforehand (Kaspersky), and then executed it.

Then suddenly my browser and some other applications were closed.

I reopened the browser, and continued the day like nothing happened. But after a few minutes I noticed some weird emails coming from my Google Account. It said I had activated Gmail, which I didn’t since I don't use Gmail.

Then I noticed the incoming mails about Deleting my 1Password account. But before I could act the account was already deleted.

After that I quickly unplugged the ethernet cable from my PC and emailed you.
I now reformatted my PC, and I am running an offline backup of my previous installation.

After some searching I found a python folder with a Crypto folder inside. The code inside used an Encryption method to stay undetected by Antivirus Software. After changing the code to not execute but display what it would execute I was shocked. It uploaded many things including my active browser sessions. And that is how they got access to my email and 1Password. I noticed the active sessions being from Hamburg, Germany.

The first question I had is: How was the person with my browser session able to fully delete the 1Password account? Is there really no security question asked besides the e-mail with a confirm button? I even have a Yubikey connected to the account, but clearly is no use if 1Password does not ask to re-authenticate is you do something big like deleting your account.

I mailed support straight away after it happened (yesterday around 14:00). 7 hours later (which is really slow if you ask me) I got answered by one of the Support agents asking if I still had my Password and Secret key.

Immediately I answered with "Yes I still have those", hoping the support would continue after that. But now it's 20 hours later, and still no update/reply.

In total I am now in doubt for more than 26 hours about what happened to my account, if they (the hackers) managed to export the data, and if my account is recoverable.
To me this shows the clear downside of 1Password, and their lack of a "Emergency Support" line. And the lack of security in order to delete an account is what surprised me the most.

If anyone from 1Password (@Dave_1P ?) is reading this, please help me as soon as possible.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Windows 11
Browser: Firefox

Comments

  • Werner85
    Werner85
    Community Member
    edited May 6

    And still no response...

    24/7 Support they say, well for now it's been a "one small first reply on Saturday, and then you will have to wait without access to all your Passwords and Data for 37 hours and counting" Support.

    I am seriously considering Bitwarden Family from now on. The biggest advantage is that you can self-host the Data server, and create hourly backups from that. And it's also cheaper. Only downside is that it's apps are less nice looking. But how important/useful is that, if you can't use the apps at all when something like this happens.

  • Dave_1P
    Dave_1P

    Hello @Werner85! 👋

    I'm sorry to hear that you suspect that your computer and accounts have been compromised. Since I don't have access to your account information here on the public forum, I recommend that you continue to work with our support team over email. They can look into this further and help you address the situation.

    I've flagged your support ticket to the team and one of my colleagues is working on a reply. Keep an eye on your inbox, you should receive the reply soon.

    Since we have a communications channel open via email, I'm closing this thread.

    -Dave

    ref: TRD-68544-275

This discussion has been closed.