Netflix got hacked, email has been logged on, Paypal sent me a warning email!!!

Hi
I have not used the app before January this year. I found it easy to organize my passwords and login information. Few days ago, I found that many of my accounts (Email, Netflix, Paypal) have been logged on from UK and France (I live in Germany). Then my Netflix password was changed as well as my email was used to confirm the change. I have never faced such an issue in my life but this week. Is is possible because 1password?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    I have not used the app before January this year. I found it easy to organize my passwords and login information. Few days ago, I found that many of my accounts (Email, Netflix, Paypal) have been logged on from UK and France (I live in Germany). Then my Netflix password was changed as well as my email was used to confirm the change. I have never faced such an issue in my life but this week.

    @Altuijri: First of all, I'm sorry to hear that this has happened to you. I can only imagine how stressful that must be. :(

    Is is possible because 1password?

    No. The only way that someone could access your 1Password data is if you gave them both a copy of your vault and the Master Password used to secure it. And I'm betting that you didn't. There are a number of other scenarios which could result in your accounts being compromised, but I'll go over the most likely:

    • One of your devices was compromised, making it possible for an attacker to access data as you use it.
    • Your email account alone was compromised, allowing the attacker to do password resets on your other accounts.
    • Your password(s) were guessed, reused, or captured in a phishing attack or similar.

    For example, unless you're using a long, strong, unique, randomly generate password for each account, someone could use brute force methods to guess them. Additionally, a website breach that revealed a password could also result in other accounts being compromised if they were reusing that same password. And since password reset requests are often routed through email, using a ridiculous password there is crucial, as someone with access to your email (as you describe above) would be able to easily reset and change passwords to nearly any of your accounts.

    The best thing to do in any of these cases is to regain control of your email first, change the password to something truly random that no one could ever guess (and that you can't memorize), and then do the same for your other accounts as well.

This discussion has been closed.