Serious Security Issue - Syncing and multiple vaults. [moved to email]

edited April 2014 in Mac

Hello, In the wake of Heartbleed, and at the recommendation of a longtime customer of yours, I picked up a copy of 1Password. I liked it so much that my friend and I persuaded the Director of IT at our company to trial it out for use on those pesky shared passwords that all IT shops have. It has to be better than our current .csv file.

I imported that .csv into a new vault and we all sync it via Dropbox.

Imagine my surprise yesterday when the director of IT called and asked why I have my credit card numbers in the shared IT vault.

Looking closely this morning I see that 58 of my items have been copied into the IT Vault AND seven of those items were subsequently deleted from my personal vault.

So... 58 of my passwords and credit cards have now been made community property by 1Password.

I seriously don't see how I could have fat-fingered this... It is a bit difficult to move items form one vault to another... I can't even move two items at the same time... let alone 58!

Needless to say, 1Password is probably now out of the running for our needs.

1Password has proven to me that a .csv is in fact more secure than 1Password will ever be.

1Password people, you need to reach out to me... you have my email address... Stop insulating yourselves with this stupid message board, contact me and Fix this now...

Comments

  • Worse yet, I have now removed those 58 items from the shared IT vault - but my coworkers still see them. I suppose we cannot trust your synchronization. Oh.. and I have allowed ten minutes for my machine to sync the deletions to Dropbox, and another ten for my coworkers to pick up those deletions...

  • JasperJasper

    Team Member
    edited April 2014

    Hi @thewellington,

    First of all, I would like to apologize for the delay in responding to you here but we've experienced a surge in support requests recently. We're doing the best we can to get back to our usual speedy replies as soon as possible.

    I am truly sorry about the problem you've been having with 1Password. Whether this trouble was caused by confusing design leading to user error or a very rare bug, it's unacceptable for vaults to be undesirably merging.

    So we can investigate further, could you please email us a Diagnostics Report from your Mac, along with a link to this discussion, to: [email protected]

  • @JasperP, I have sent you a diagnostics report.

    Bill

  • sjksjk oversoul

    Team Member

    Hi @thewellington,

    Thanks so much for sending in the report. I've located it in our system and someone from our team will reply as soon as possible to help you get this sorted out!

    .

  • FYI... I cleaned up the shared vault yesterday - Actually I destroyed it, and created a new one so that none of my data was in there. And today all my stuff is in there again. I am pretty disappointed This is not a one time thing, nor is it two cases of me fat fingering something.

    Your product is giving away my personal passwords. How can I trust it? I can I trust that your product is not broadcasting my passwords all over the Interwebs? Who knows what is going on here? cause I sure don't - but right now, your software is pretty damn buggy, and it is totally screwing me.

    I would take Heartbleed over this clusterf**k anyday.

  • I see this is now flagged as having been moved to e-mail... yet I have not received an e-mail yet. - I am sort of hoping to learn what I am supposed to do now.. 1Password keeps giving away my credentials to others in my group.

  • this is now flagged as having been moved to e-mail

    I'm also very interested to know if this was caused by a bug or by user error. So please keep this thread public, or at least post the results from the investigations here.

  • sjksjk oversoul

    Team Member

    Hi @thewellington,

    I see you're now working on this issue with Chris in email.

    We haven't determined its cause yet, @mot‌. I've made a note in the email ticket of your interest in the findings.

This discussion has been closed.