AgileBits Support Forum Data Breach?

bpiec
Community Member
edited November 2019 in Lounge

Was there a data breach on AgileBits support forums? Today I saw the following message in my 1Password interface:

Can I read the details anywhere?


Comments

  • bpiec
    Community Member

    Thank you.

  • ag_ana
    1Password Alumni

    :+1:

  • clearbrian
    Community Member

    I find it disturbing 1password ...A SECURITY COMPANY... didn't send an email to EVERYONE of its users to change the password on NOV 15!!
    I only noticed this by accident when I opened 1password today 4 dec!!!!!

  • Lars
    1Password Alumni
    edited December 2019

    @clearbrian - I appreciate your concern -- and everyone else's in this thread as well. There are a few reasons we didn't email all forum account users as a result of this disclosed vulnerability in Vanilla's forum software:

    1. Regarding the vulnerability itself, it affected other forums powered by Vanilla's software besides just this one, which makes this Vanilla's vulnerability to disclose, not ours. And Vanilla did disclose it, quickly and responsibly. It's also worth mentioning here that Vanilla says in their disclosure that they have no evidence this vulnerability was exploited.
    2. Although this particular incident may initially appear more alarming than other sites appearing in Watchtower might, because it involves an agilebits.com subdomain, there was not and is not any "crossover" between your account here on this forum and your 1Password account. Your 1Password data is entirely separate from your Agilebits Support forum account. To elaborate a bit, if you have a 1password.com account, then even if you used the same password to register for this forum that you used for your Master Password, your 1Password data could not be accessed on the 1password.com servers with only that Master Password, because accessing your data on 1password.com would require your Secret Key and also 2FA, if you have that enabled. (note: if you did use the same password for your forum account as you used for your Master Password, you should change your Master Password to something unique).
    3. We followed our usual protocol for when we receive confirmation (disclosure) of a vulnerability or breach from the owner of a site: we added it to Watchtower. In the sidebar of 1Password for Windows or Mac, users with accounts on this forum would see their discussions.agilebits.com Login item listed under the Compromised Websites section of Watchtower. This is how we provide users notice of vulnerabilities at sites for which they have one or more Login items saved in 1Password.
    4. Our Chief Defender Against the Dark Arts, jpgoldberg, posted a top-level announcement thread right here, in the wee hours of November 16, so anyone visiting this forum could see our thoughts on the issue, as well as our recommendations.

    I hope that clears up the reasons behind why we took the steps we did.

  • BobArch2
    Community Member

    I just noticed the breach today via the Watchtower notice. I changed the password as suggested/required and all is well. However, the "Compromised Login" banner is still showing in the 1Password app (Windows). How long before this banner disappears?

  • BobArch2
    Community Member

    Anybody home? I posted the above note yesterday, December 20, 2019, and looked today to see if there was any response. I notice that the thread date is still showing the original date of November 28, 2019. I thought dates were supposed to reflect the date of the most current posting?

  • Lars
    1Password Alumni

    @BobArch2 - sorry for the delay. Our staffing is lower than usual due to the holidays and response times may be slower as a result. If you're still seeing the "compromised" banner, do you have any other older agilebits.com items saved in 1Password? The most likely one would be the older license customer center. Do a search in the main 1Password window for agilebits.com. There are no longer any sign-ins with agilebits.com domains, except for this forum, so feel free to delete any others you find or archive them if you have an Archives folder.

  • BobArch2
    Community Member

    @Lars No problem with the delay ... after all we must celebrate the season! I did a search and there was the welcome note from 5 years ago which I just deleted. The remaining item was for the Forum which still shows the banner in Safari on my iPad. I will check the windows desktop app later to see what shows.

    No concerns as I did change my Forum password 2019.12.20. Time might heal the glitch. I can wait!

    Cheers,

    Bob

  • BobArch2
    Community Member

    @Lars The banner issue still existed in both Safari (iPad) and Chrome (PC) this morning when I logged in. This was after cleaning out the "trash" yesterday. When I checked the Trash this morning in the Windows app there were 6 unrelated items. Attempting to empty the trash did not work. On a "fluke", I removed the tags and the 6 items disappeared. I closed down 1Password and restarted ... the compromised banner still existed. As a last attempt to rid the system of this nasty message :-), I deleted the 1Password item to access the Forum, emptied the trash and closed down the app. Then restarted the app and went to the Forum page. Logged in with my credentials and saved the login info. Everything seemed to be OK and I logged out. I checked the account info in the Vault and there was no warning banner. It is my impression that Watchtower only runs a check once per day on the initial start up. We'll see what happens tomorrow.

    Hope you have a great day and be careful with the eggnog at this Festive Season time! :-)

  • KishoreBhargava
    Community Member

    While the issue is now old, I am still getting a "compromise" alert for https://agilebits.com/c/login! Now I am not sure where this is used; I have changed my forum password and the password listed for this site is not my 1Password master password. Wondering if I should just move this entry to trash? Any advice?

  • ag_ana
    1Password Alumni

    @KishoreBhargava:

    If my memory serves me correctly, that one is the old URL for our licensing website (for old 1Password licenses, up to version 6 I believe). That website is not available anymore, so if you still have a login for it, you can remove it.

  • KishoreBhargava
    Community Member

    @ag_ana Thank you. I had assumed it to be the older site, as it was being redirected to 1password.com and deleted the item.

    Cheers...Kishore

  • ag_ana
    1Password Alumni

    You are welcome :+1:

This discussion has been closed.