Forum Discussion
Password breach report question
Hi
I saw some recent massive breach news on the websites but I couldn't find a single breach entry on Watchtower reports. Does this really mean my accounts were really never breached or Watchtower is not doing its job?
https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/
https://www.forbes.com/sites/daveywinder/2025/05/23/184162718-passwords-and-logins-leaked---apple-facebook-snapchat/
https://www.tomshardware.com/tech-industry/cyber-security/16-billion-accounts-exposed-in-one-of-the-largest-data-breaches-in-history-enormous-data-haul-holds-two-accounts-for-every-human-alive
https://www.tomsguide.com/news/live/16-billion-passwords-data-breach
https://time.com/7296254/passwords-leaked-data-breach/
3 Replies
1Password has a long relationship with Troy Hunt, who runs Have I Been Pwned. Troy is probably the #1 authority on data breaches and reporting in the mainstream press (and sometimes technical press) is often less that accurate and reliable. Troy shared some information about this matter in his latest Weekly Update 457.
In short, don't worry about this news. 1Password will check for your credentials in all the breaches recorded in HIBP and let you know if any have been compromised. You can, of course, check details for yourself. If you find nothing new, then it doesn't mean that you can be certain that your details aren't in some dark web vendor's secret breach dataset, but it does mean that you don't have anything to do... yet.
You can test Watchtower by adding a Login item with compromised data. A safe example is
username: test
password: test
website: http://example.comThis should immediately show several problems in Watchtower including the breached credentials and lower your score a few points.
1Password shared a blog about this. So according to Troy this hack didn't happen or had accounts breached and according to 1Password it happened, but my Watchtower didn't give a single alert for my accounts, which are more than 500+
https://blog.1password.com/what-to-do-16-billion-password-data-leak/
The blog begins,
While this data appears to be recycled from older breaches, ...
so it's not a matter of whether or not there was yet another discovery of a large collection of breach data, but whether there was discovery or publication of new (but not necessarily recent) breach data. In this case it appears that there was not, hence there was no new breach data added to HIBP , and thus nothing new for Watchtower to find and report.
If your credentials are in any of the breaches recorded by HIBP, then Watchtower should tell you.
