Dropbox hack, need procedure to un-f' myself

stagrlee
stagrlee
Community Member

I'm an early user of dropbox and imagine my dropbox DB is up for sale on the dark web.
Also had a big fraudulent charge hit my credit card today.

What is the procedure I should follow to create a new vault and start resetting my pwds all over the internet?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Pilar
    Pilar
    1Password Alumni

    Hi @stagrlee

    I'm very sorry to hear about the fraudulent charge on card, that's always scary and really annoying to sort out! First of all, change your Dropbox password to a strong, randomly generated one as soon as you can, and set up 2FA for your account. This will make it harder for anyone trying to acquire your data. Now, if you were using a strong unique Master Password for 1Password, chances are that they did not get your Credit Card data from there. You're data never leaves your device unencrypted, and chances of someone having been able to crack your Master Password are very low at most.

    However, you might still want to change your syncing method and your passwords. Peace of mind is a very important thing to have :chuffed: The very first thing you'd have to do is change your Master Password, if you think it's been compromised. You can see how to do that here. Then, stop syncing with Dropbox. You can do this by going to Preferences or Settings on your different devices and then finding Sync and disable syncing. You can then delete the file from Dropbox if you want. Once you've done that, you'll need a new syncing method. If you only use Apple devices iCloud is a great option, if you have one Desktop and one mobile Wi-Fi might do the trick for you. You can even get a new Dropbox account and use that. Or if you want to, you can always try our new 1Password Accounts. You can try it and use it for free for the first 6 months.

    Once all these is done, you can, if you want to, start changing your passwords. There is no one automatic way to do it, you'll have to go to each site and follow each of their steps to change passwords. Remember to always use our password generator and create a new password for each of them!

    Please let us know if you have any more questions, if there's anything else you'd like to know and how all this goes for you :chuffed:

  • stagrlee
    stagrlee
    Community Member

    My master password is not so great so I'm going to assume the worst. My dropbox PWD is very strong as it was generated by 1Password, but apparently that didn't matter :'(

    I'm going to modify your procedure.

    • Stop sync on all devices
    • Reset dropbox pwd
    • On a Mac, reset the master pwd for 1Password
    • Reset all my internet passwords with new generated pwds (this should take a few days as I'm a heavy internet user)
    • Setup 1Password accounts (I'm done with dropbox)
    • Delete the old vaults from all my devices
    • Setup sync on all devices to 1Password accounts

    I'd appreciate your review of this sequence.

    "Stagr" Lee

  • Pilar
    Pilar
    1Password Alumni

    Hi @stagrlee

    I'm very sorry to hear about this, I hope that the fraudulent charge was stopped in time and that it stops there. I can understand why you you want to reset everything about 1Password, if I were you I'd probably want to go the extra mile to make sure there are no strings loose lying around as well.

    I think that your algorithm looks good and it will work just fine. When you reset your Master Password on your Mac, a Diceware password generated by 1Password will be your friend! Remember to use this same Master Password when you set up your account so everything's consistent.

    Please let us know how all this process goes for you, if you bump into any trouble at any time we'll be here to help you sort it out :chuffed:

This discussion has been closed.