I'm a long-time 1Password user, which I sync with iCloud. I have a Dropbox database as well, which I use on the handful of Windows computers I use often.
Heard from my bank today that my identity has been hacked. We got a letter about a week ago that we were part of the data breach at Premera. I've gotten letters from Target and Home Depot over the years, but I don't believe they have the information like this they needed for this one.
They had my SSN and DOB, and my credit card (a physical copy was presented at Target in Miami). I can't figure out how the information is connected, so I'm still struggling for a real answer.
They made 14 calls over 2 days:
1. From a Florida number (bank refuses to give it to me), they called the bank with SSN and DOB, used the automated system but failed on my zip code and phone number.
2. They called the next day and had the same situation.
3. 4 minutes later, they called again and spoke to a rep. They failed on spouse name and DOB, and my phone password. Somehow they let them in, and the notes say "chose caller".
4. 4 minutes later, they called in to the automated system. Failed zip and phone again, passed SSN again.
5. 2 minutes later, spoke to rep. Passed with phone password, which they didn't have the day before. I'm guessing they gave it to him during call #3.
6. Later, spoke to rep. They got in, with notes saying "recent contact". I have a feeling that they told the rep they got disconnected but were just verified so they let them in.
7. Later, exact same situation. Got in using "recent contact".
8. An hour later, spoke to rep and got in with my member ID. They said policy does not allow the reps to give out member ID, but when pressed, they did say that if the person was REALLY verified, they MIGHT give it out. At this point, they know my member ID, SSN, DOB, bank phone password, and credit card number.
9. 30 minutes later, someone from Georgia calls the bank. Failed to provide phone number and zip.
10. 5 minutes later, still GA, passed with credit card number and DOB, but failed about my child's info. They also verified the cars we have insured with the same entity (year, make, and model), and spouse DOB - but failed with the phone password they should have already had! Except maybe...maybe this is a different hacker, who had maybe bought the info from the same source.
11. Later last night, called in to the automated system and passed with SSN.
12. Later, talked to a rep, got in with phone password and "chose caller".
13. This morning, failed zip code, passed phone password.
14. Last call this afternoon, got in using "chose caller" talking to rep.
I am now in the process of a security audit of my digital life. I already had two-factor authentication for Apple ID, but am going to start changing all my passwords, notify credit bureaus, put my other bank on notice, and I don't know what all.
I just changed my 1Password master password using the Mac app. I went right to my phone and it still accepted the old password. It made me think about the security of the product. In general, I feel comfortable with it, but do have one specific question:
Is there a display somewhere that shows me all my applications that are using 1Password, devices where it's installed, etc? I have this for Evernote, and "revoked all".
I will likely be crossposting some version of this to other product forums that I use regularly. Any tips for getting through this are appreciated. I'm sure there is a lot I haven't thought of yet.