I seem to have lost one of my vaults: in app it shows as empty and in plugin it asks for pwd

vhalitsyn

Hi, this is disturbing... I was contemplating putting info into different vault, considering bugs and stuff and finally went with it. About 2 months ago. Today I tried to save a new item in the second vault I have(not [primary), using the mac app. I have the latest version(s). It was weird to me that the vault looked empty, but I did not have much time: I just created a new Login entry - form came up and started filing it out with information as I was filling out a form in the web(I used a browser where I do not have an extension installed, hence the behavior). When I pressed "save", I got an error message: "Failed to update item because the profile is locked". But the login actually showed saved in the vault. I switched to main vault, switched back... and ITS GONE! There were 2 passwords and !6! security questions. All gone now! I have just registered and I cannot login!

One password: I can understand many bugs, however loosing customer information is the hardest to understand if at all possible. Please let me know what can I do to get my vault working again.

Thanks!

---

1Password Version: 6.2.1 (621002)
Extension Version: 4.5.5
OS Version: OS X 10.11.4 (15E65)
Sync Type: Wifi

Megan

Hi @vhalitsyn,

I’m so sorry to hear about this! I think the quickest way to figure this out is to take a closer look at your system.

I'd like to ask you to create a Diagnostics Report from your Mac:

Sending Diagnostics Reports (Mac)

Attach the Diagnostics Report(s) to an email message addressed to support+forum@agilebits.com.

Please do not post your Diagnostics Report(s) in the forums, but please do include a link to this thread in your email, along with your forum handle so that we can "connect the dots" when we see your Diagnostics Report(s) in our inbox.

You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here so we can track down the report(s) and ensure that this issue is dealt with quickly. :)

Once we see the report we should be able to better assist you. Thanks very much!

vhalitsyn

Hi, I have provided the "diagnostic" report. The number is [#JGD-34569-685].
Please be advised that that report contains a lot of sensitive information. You guys are security experts and could have arranged for encryption of content sent via !email! using the open encryption techniques. Especially keeping in mind you make us run the tool...

AGAlumB

@vhalitsyn: Sorry for the confusion! None of your 1Password data or personal information is included in the diagnostics, only technical information about the software environment. Your 1Password data is end-to-end encrypted, but we won't ever ask you to send that to us — and please don't! Anyway, I see that Greig is in contact via email, so we can continue the conversation there.

ref: JGD-34569-685

vhalitsyn

Hi @brenty , you are correct, however it does feel like you missed the point. The report that I sent you contains a lot of pii: machine name(s), mounted volume(s), environment var(s), software profile(s), browser profile(s), system utilization and more. This is not generic/public information and it's not considered safe to share afaik. In support, you suggest using plain unencrypted mail attachments to communicate this data, which I consider "unsafe" for a company like AgileBits

Megan

Hi @vhalitsyn,

I’ll let Greig continue with the actual troubleshooting by email, but I did want to address your concerns about the Diagnostics Report here.

I'll tell you a bit more about what type of information is included in this Report, and why we request it.

We go out of our way to remove as much sensitive data from the report as we can. For example, we get a system profile which includes processor type, amount of ram, but this request also returns the serial number of the computer. we remove the serial number before it gets entered into the report.

The only identifiable or even remotely sensitive information would be:

1. The username you use. If this contains your name (which we have from your email already) then we'd see that in the report
2. The system.log, which I only get the last 4000 lines of, could contain some other slightly sensitive data, but most developers realize that the system log should not contain sensitive information. This is simply a possibility but it's extremely unlikely.
3. The 1Password logs could contain sensitive information, but if they did they would be by sheer accident. We are very careful to make sure we are not logging sensitive information, however there was one point in the past that we logged something accidentally. It wasn't super serious but it was something we didn't want to log. We no longer log that information and make sure we don't do that in the future.

Now, that said, the rest of the report is really just overview information:

1. Dropbox path (not any files in Dropbox) - Could show listings of files, but none of their contents
2. iCloud path (not any files in iCloud) - This shows listings of files, not their contents
3. System information (less the serial number)
4. Home folder path (again, no files)
5. We gather information about Safari, Chrome, and Firefox (only important settings, whether they pass code signature verification, and the installed extensions)
6. Installed applications (such as Firewalls, Security software, and other tools that have been known to interfere with 1Password. This is strictly whether they are installed or not and possible settings known to interfere with 1Password)
7. 1Password settings (again, no sensitive info, just the settings you use as these can sometimes explain application behaviour)
8. Running applications (this could be sensitive if you're working on a secret application that you want no one to know about as we'd see it this list. as a casual user, it's only going to tell us which applications are running. We use this only when #6 fails us as new applications are discovered regularly that interfere in some way.)
9. Log files from 1Password (again, could contain sensitive info but it's really unlikely as we did a full review of this and found nothing to be worried about)
10. System log (Could contain information about errors other applications are having. Extremely unlikely it would contain sensitive information)

What it does not contain:

1. Your master password. We do not log this anywhere and we do not store it anywhere. We will never ask you for it
2. Your data. Again, we'll never ask you for your data file, or any data contained in it.

As a company that deals with security we take security seriously and I want to make sure you know what you're sending to us, but I also want you to know that we're not using this in any sort of malicious way. It's only to help you get things working, without it we're basically blind. It's comparable to asking a police officer to solve a crime without any evidence with which to solve it. The officer might stumble on the perpetrator of the crime, but it's extremely unlikely.

vhalitsyn

Hey @Megan ,

thanks for the followup. I'm not sure what was the point that you were trying to convey, but I feel like we are getting off topic, and I do not want that. I just wanted to draw your attention to the fact that user data(whether you consider it important or not) is being transferred unencrypted. I'm not convincing you either way.

Back on the topic I haven't heard anything from Greig. Just letting you know I replied to a general support alias rather than him directly, as the email was sent from the general support alias and there was no direct email mentioned.

Would love to get this resolved soon...

littlebobbytables

Hello @vhalitsyn,

There is a very real possibility this issue will need a developer to look at it. I'll explain more when I respond to your email.

vhalitsyn

Thanks for responding and looking into this. I still do not quite understand what is attempted to be done here... Will the information from my second vault be restored, or is it lost forever?

Megan

Hi @vhalitsyn,

Don’t worry! We’ll work with you until we can get 1Password back up and running. It’s best though if we keep this conversation going just through email: splitting the conversation in multiple places will just get confusing.

Someone from our support team will send you an email shortly with instructions.

kmjansen

I am having the same exact issue. Can someone let me know if this was resolved so maybe I don't have to go through the hassle of downloading the tool, sending the information over unencrypted email (I'm a software engineer, and I have to agree with vhalitsyn on this point), etc., etc.

I love 1Password, but this is very disturbing as I'm wondering now if I should start being concerned about losing my years' worth of primary vault passwords.

AGAlumB

@kmjansen: Indeed. Knowledge is power, which is why Megan took the time to explain exactly what is collected and included in a diagnostics report. And of course you can review the report yourself to determine if it's something you're comfortable sharing. And of course if you're a software engineer, you may be able to find the answers yourself without sending diagnostics to us.

Regarding your issue, since you weren't specific, it sounds like something has gone missing. You can restore from a backup, but the greater concern for me in that situation would be the what, why, and how...but the only hope you or I would have of determining that would be through careful examination of system logs. Anything else would be mere speculation. :(

vhalitsyn

@kmjansen: no it has not been resolved. As a matter of fact we have not been able to figure out what has happened. As of 4/28 they told me that the data I had in that vault is irrecoverable. I have backups of "backups" folder up to 1 month back and backups themselves since my purchase of the product. None of that helped.
So...
Lesson #1: have personal backups of onepassword "backups" for more than 1 month, because 1password backups might "not completely work".
Lesson #2: test validity of your data/vaults regularly. In my case I saved some data I use very infrequently and forgot about it, feeling at rest that I "took care of it". Now when I came back to use my data - I could not get it.

kmjansen

@vhalitsyn wow yeah luckily for me, my secondary vault was in it's infancy, but considering how important my primary vault is, I really appreciate you taking the time to write out those suggestions to me. It's really weird to me though because I worked as backend-server software developer for years, and I can't imagine a scenario where there wouldn't be massive redundancies built into the servers which house their data. Anyways, thanks again, and I hope that you're able to recover everything as best as is possible at this point

vhalitsyn

Not a problem @kmjansen. I did not quite follow your servers thought though. AgileBits doesn't store our data. We are responsible for storing our data ourselves(which is the thing I like about this product). If you are talking about dropbox and such - they probably do have this, however my data is not "lost" at this point, it seems to be corrupted.
There is chance that timemachine backup or OneDrive sync have corrupted the file, yet this not what AgilBits support suggest right now. And since the data is encrypted with the key we never share with AgileBits I, as a software engineer as well, can understand this is very hard to diagnose.

As a customer, though, I will never be happy when I discover my data to be corrupted and not usable. Knowing the source of the problem would help a lot, but we do not have this.

For now I just store everything in the main vault as I use it daily. It'll probably take me some time to build courage to create a secodary vault again.

AGAlumB

@kmjansen: vhalitsyn is half right. With the standalone apps, 1Password data is only stored on your device locally (unless you transfer it elsewhere), which can mean a single point of failure. However, 1Password Families (and Teams) does have a server component, which provides versioning and redundancy.

Lesson #1: have personal backups of onepassword "backups" for more than 1 month, because 1password backups might "not completely work".

@vhalitsyn: Indeed, the unfortunately truth is that if the data on disk is corrupted, 1Password will just be backing up the corrupt data. And similarly the backups themselves could suffer the same fate. And of course data corruption will sync as well... I'm really sorry that you've had this misfortunate. I've been there, and it isn't something I'd wish on anyone. :(

As a customer, though, I will never be happy when I discover my data to be corrupted and not usable. Knowing the source of the problem would help a lot, but we do not have this.

I couldn't agree more. Technologically speaking, there is nothing worse than losing data. It's definitely difficult, and often impossible, to ascertain what happens in cases of data corruption. We (as a civilization) really, really need a modern filesystem with data integrity. I sincerely hope that you'll be able to recover your data by any means necessary — Time Machine, OneDrive, etc. — and if there's anything that I may personally do to help please let me know.