Forum Discussion

Naxterra's avatar
Naxterra
Dedicated Contributor
24 days ago

Password breach report question

Hi

I saw some recent massive breach news on the websites but I couldn't find a single breach entry on Watchtower reports. Does this really mean my accounts were really never breached or Watchtower is not doing its job?

https://discuss.privacyguides.net/t/16-billion-apple-facebook-google-and-other-passwords-leaked-act-now/28475

https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/

https://www.forbes.com/sites/daveywinder/2025/06/20/16-billion-apple-facebook-google-passwords-leaked---change-yours-now/

https://www.forbes.com/sites/daveywinder/2025/05/23/184162718-passwords-and-logins-leaked---apple-facebook-snapchat/

https://www.tomshardware.com/tech-industry/cyber-security/16-billion-accounts-exposed-in-one-of-the-largest-data-breaches-in-history-enormous-data-haul-holds-two-accounts-for-every-human-alive

https://www.tomsguide.com/news/live/16-billion-passwords-data-breach

https://time.com/7296254/passwords-leaked-data-breach/

discussion
watchtower

3 Replies

  • AJCxZ0's avatar
    AJCxZ0
    Bronze Expert
    24 days ago

    1Password has a long relationship with Troy Hunt, who runs Have I Been Pwned. Troy is probably the #1 authority on data breaches and reporting in the mainstream press (and sometimes technical press) is often less that accurate and reliable. Troy shared some information about this matter in his latest Weekly Update 457.

    In short, don't worry about this news. 1Password will check for your credentials in all the breaches recorded in HIBP and let you know if any have been compromised. You can, of course, check details for yourself. If you find nothing new, then it doesn't mean that you can be certain that your details aren't in some dark web vendor's secret breach dataset, but it does mean that you don't have anything to do... yet.

    You can test Watchtower by adding a Login item with compromised data. A safe example is

      username: test
      password: test
      website: http://example.com

    This should immediately show several problems in Watchtower including the breached credentials and lower your score a few points.

    • Naxterra's avatar
      Naxterra
      Dedicated Contributor
      17 days ago

      1Password shared a blog about this. So according to Troy this hack didn't happen or had accounts breached and according to 1Password it happened, but my Watchtower didn't give a single alert for my accounts, which are more than 500+

      https://blog.1password.com/what-to-do-16-billion-password-data-leak/

      • AJCxZ0's avatar
        AJCxZ0
        Bronze Expert
        17 days ago

        The blog begins,

        While this data appears to be recycled from older breaches, ...

        so it's not a matter of whether or not there was yet another discovery of a large collection of breach data, but whether there was discovery or publication of new (but not necessarily recent) breach data. In this case it appears that there was not, hence there was no new breach data added to HIBP , and thus nothing new for Watchtower to find and report.

        If your credentials are in any of the breaches recorded by HIBP, then Watchtower should tell you.