Reporting a Potential Breach
How do I notify 1Password of a potential breach? I do not see an option for this anywhere, nor do I see a discussion category in this forum that's suitable for this kind of query.
I received a legitimate notification from Bank of America that one of my card numbers (which is stored in my 1Password vault) was compromised, and that card number has only been stored in 1Password.
1Password Version: 8.10.36
Extension Version: 2.26.1
OS Version: MacOS 12.7.5
Browser: Chrome
Comments
-
How do I notify 1Password of a potential breach? I do not see an option for this anywhere.
I received a legitimate notification from Bank of America that one of my card numbers (which is stored in my 1Password vault) was compromised.
1Password Version: 8.10.36
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided0 -
Have you shopped with this card online? If so, it's probably a breach from an online vendor you purchased from, rather than an issue with your 1PW vault.
1 -
Hello @caribiner23! 👋
Thank you for reaching out. Just to clarify, is there something in particular that leads you to believe that your 1Password account has been compromised? An attacker would need both your 1Password account password and Secret Key to log into your 1Password account and decrypt the data within it. And even if they did so, you'd have received an email letting you know that your 1Password account had been accessed from a new device, and you'd see that new device listed on your profile (in the top right corner) when logging into and accessing 1Password on the web.
If you send an email to
support+forum@1Password.comthen our security team can help you make sure that your account is secure. After emailing in, you'll receive a reply from BitBot, our friendly robot assistant with a Support ID that looks something like [#ABC-12345-678]. Post that here, and I'll be able to locate your message and make sure it's gotten to the right place.-Dave
1 -
@moonpup This is a debit card that was used exactly once, at a BofA ATM inside a branch. That's why I was surprised to see the fraud alert notification inside the BofA app this morning.
It's possible there was a skimmer on that ATM but I want to exhaust any other avenues of a possible breach.
0 -
@Dave_1P Thanks for your response. Based on your answer, I can only guess that there was either a skimmer on the branch's ATM or that the physical card was compromised somewhere in the process of its creation and being mailed to me. As mentioned above, this is a debit card that was used only once, months ago, to verify the PIN. The card has been in a drawer ever since that single transaction. BofA is sending a new card based on their own fraud alert, so either of the above scenarios are possible. Thanks again!
0 -
I'm happy to help. If you have any other questions about the security of your account then don't hesitate to reach out to the team via email. 🙂
-Dave
0 -
Don't all the new BofA debit cards have NFC? I never swipe my debit card unless NFC/Tap to Pay is not an option. All the BofA ATM's around me are NFC capable.
EDIT to add: Is it a requirement to have to insert your card into the reader for activation?
1 -
@moonpup An excellent observation, and you're correct that the new cards have NFC. That said, I am pretty sure I inserted it into the ATM this once.
This card is connected to a secondary checking account--when I get cash from my main checking account, I use the debit card stored in Apple Pay so I rarely use that physical piece of plastic.
Considering I used one of the newer machines inside a fairly busy branch in downtown Chicago, I'm now inclined to think the card number was compromised during the creation/shipping process. I don't recall any weirdness with the envelope the card came in, but you never can tell.
Thanks again for the help!
0
