1Password users, beware: Attackers are attempting to steal your master password using a sneaky phishing email designed to trick you. If you follow the links in this email, your account details will be stolen—along with every other password connected to that account.
1Password Users Receive Fake Master Password Reset Emails
As first spotted by Tech Issues Today, via the 1Password subreddit, 1Password users are steadily receiving requests to reset their master password.
The phishing email requests that the user immediately act upon a security breach supposedly detected on 1Password’s systems and that resetting the master password is the only way to secure the account. Reddit user DirectorBusiness5512 detailed the 1Password scam, explaining where the phishing email came from and its contents.
Other 1Password users on Reddit were quick to respond, chiming in that they had also received the same fake email—but were just as perplexed as to how the email addresses linked to the 1Password accounts had originally leaked.
As with any phishing scam, if a 1Password user clicks the link in the email, they’re taken to a very convincing 1Password password reset page. Of course, entering any details into this page will see your data stolen and immediately repurposed. Where adding your banking information to a phishing email is bad, giving scammers your master password would be absolutely devastating.
1Password Advises Blocking and Ignoring the Emails
On the 1Password subreddit, an official 1Password account, 1PasswordCSBlake, explained how this 1Password master password reset phishing attack works.
As others have suggested, we believe these emails were sent to a large number of people in the hopes that some of them happened to be 1Password users. We’ve identified the platform used for sending the phishing emails and reported it to their security team. Additionally, we can confirm that the phishing domain has been taken down.
Furthermore, if you are a 1Password user who interacted with the phishing email and handed over your master password, the message advises contacting support@1password.com immediately for assistance.
But for now, 1Password users can rest mostly assured that the password manager hasn’t been breached, and your accounts and passwords remain safe.
