watchtower breach notifications

wrwatk
wrwatk
Community Member
edited November 2020 in 1Password 7 for Windows

Hi,

Please could someone enlighten me on Watchtower? i.e when does it sync with the haveibeenpawned database, when does it check? I understand how it all works etc and what the function of Watchtower is, but I am concerned that Watchtower is set to notify me of the breach that 123rf has suffered.

Haveibeenpawned & Firefox Monitor have both sent me emails saying my email address etc has been exposed in a breach at 123rf but 1password watchtower says everything is good and there are no breaches. Confirmed this by using the Watchtower report and checking the 123rf URL and it comes back saying "No password breaches for 123rf.com have been found." Link: https://watchtower.1password.com/report/123rf.com

Really concerning from a security and notification perspective and sort of defeats the purpose.

Attached are references to the Firefox monitor, email from haveibeenpawned & 1Password Watchtower


1Password Version: 7.6.786
Extension Version: Not Provided
OS Version: Windows 10 20H2
Sync Type: 1Password Cloud
Referrer: forum-search:watchtowe

Comments

  • ag_ana
    ag_ana
    1Password Alumni
    edited November 2020

    Hi @wrwatk!

    Thank you for reporting this! I have let our developers know that they should take a look at the website :+1:

    ref: dev/web/watchtower.1password.com#57

  • wrwatk
    wrwatk
    Community Member
    edited November 2020

    Hi @ag_ana

    Thanks for coming back to me. I can see that the status has now changed, but what I do not understand Is why watchtower within 1Password, still does not show the breach and I havent been notified by the IOS App?

    Sort of makes the feature of watchtower a little useless?

  • Greg
    Greg
    1Password Alumni

    Hi @wrwatk,

    If you check your 123rf password on the Pwned Passwords search page: https://haveibeenpwned.com/Passwords, not on the home page of haveibeenpwned that is designed for checking email addresses, does it return any results? Please clarify.

    Thanks! :+1:

    Cheers,
    Greg

  • wrwatk
    wrwatk
    Community Member

    Hi @Greg

    Thanks for coming back to me.
    I fully understand how haveibeenpawned works and what is required to search for beaches.

    What I would like to know is why hasn’t the watchtower in 1Password alerted me or notified me of the breach?

  • Greg
    Greg
    1Password Alumni

    @wrwatk: I think there is a misunderstanding happening.

    "Compromised Websites" in Watchtower are not coming from haveibeenpwned service. We maintain the list of compromised websites ourselves and your report of 123rf is appreciated. I believe that it will be added to Watchtower soon. Sorry for this inconvenience. :frown:

    Let me know if it answers your question. Thank you!

    ++
    Greg

  • wrwatk
    wrwatk
    Community Member

    Hi @Greg

    Thank you, and that explains it all.
    Appreciate you coming back to me.

  • Greg
    Greg
    1Password Alumni

    @wrwatk: You are very welcome! :) I am glad to hear that we managed to get to the bottom of this together.

    Please feel free to reach out to us anytime, we are always ready to help you with 1Password and answer your questions. Thanks!

    ++
    Greg

  • ag_ana
    ag_ana
    1Password Alumni

    @wrwatk:

    I wanted to send you a quick update to let you know that we have updated the Watchtower database, it now shows the breach information you reported :)

    https://watchtower.1password.com/report/123rf.com

  • Tertius3
    Tertius3
    Community Member

    If it takes 10 months to get a listing to your Watchtower database, honestly, this database is of no use. If a security breach gets known, it's crucial to notify people immediately to enable them to react immediately, not after 10 months. In this case I'm happy I kept my subscription in have i been pwnd's breach notification, because this gets me a notification as soon as the breach gets known.

  • ag_ana
    ag_ana
    1Password Alumni

    @Tertius3:

    We appreciate the feedback, thank you!

  • wrwatk
    wrwatk
    Community Member

    Hi @ag_ana & @Greg,

    Coming back to this issue again, I see that the watchtower function is not working again? Today I received an email from both haveibeenpawned and Firefox monitor, regarding the latest LinkedIn Scraped Data Breach. https://businessinsider.com.au/linkedin-data-scraped-500-million-users-for-sale-online-2021-4 Whilst the scraping did not constitute a data breach nor did it access any personal data not intended to be publicly accessible, I would still like to know why 1Password has not notified me of the breach yet or is it going to take 10 months to get updated like the previous breach? I rely on 1Password to manage this for me and I should have to second guess if the service is working or not? I understand that 1password maintain the list of compromised websites yourselves, but surely in 2021 there are some smart solutions around that don't require manual intervention? If 1password cant notify users of a breach when it happens, what is the point of having watchtower?

  • ag_ana
    ag_ana
    1Password Alumni

    @wrwatk:

    The LinkedIn event did not include passwords, from what I can see, so I don't think this will ever show up in Watchtower. Since there is no password to update, you would get a permanent Watchtower alert in 1Password, even if there is nothing you can do about your credentials.

  • wrwatk
    wrwatk
    Community Member

    @ag_ana thanks for the response. Whilst I now understand the logic behind there being no watchtower alert, it would still be nice for 1Password to notify of such alerts?

  • ag_ana
    ag_ana
    1Password Alumni

    @wrwatk:

    I believe our developers discussed this in the past, but I can certainly pass your suggestion to them in case they decide to revisit the design in the future :+1:

  • wrwatk
    wrwatk
    Community Member

    @ag_ana thank you very much. apologies for the terseness in my original post.

  • ag_ana
    ag_ana
    1Password Alumni

    No worries at all @wrwatk, we appreciate the feedback :)

This discussion has been closed.