Teams and Businesses

Create a domain breach report for your company

Learn how to view a list of everyone in your company affected by data breaches.

With 1Password Teams and 1Password Business, you can create a report to see if anyone with a company email address has been caught in a data breach – including people that don’t use 1Password yet.

An account owner will need to set up the breach report and verify a domain, then anyone in the Security group can view it.

To get started, sign in to your account on 1Password.com and click Dashboard in the sidebar.

A domain breach report, showing the number of people caught in data breaches, a list of breaches, and the information compromised.

Set up the domain breach report

Before you can view the breach report, create the Security group and verify a company domain:

Step 1: Create the Security group

  1. Click Create Domain Breach Report, then click Get Started.
  2. Choose who to add to the Security group: all owners, all administrators, or just yourself.
  3. Click Create Security Group.

The Security group will have access to security reports and account activity. To add your security team or anyone else to this group, go to Groups > Security.

The Create Security Group dialogue

If you created your account after June 17, 2020, you’ll already have the Security group.

Step 2: Verify a domain

  1. Add a company domain to verify.
  2. Choose an administrative email address to send a verification code to.
  3. Enter the verification code to verify your domain.

    To verify your domain later, click the link in your email, or go to Create Domain Breach Report > Manage Domains and click Enter Verification Code next to the domain.

If your company uses more than one domain, click Manage Domains > Add Domain to include other domains in the report.

A list of administrative email addresses that can be used to verify ownership of the domain.

View the domain breach report

After you verify your first domain, you’ll see the breach report for it.

To see which accounts have been affected for a specific email address, click the number of breaches it has. You’ll also see when each breach happened, and what information was exposed.

A list of breach details for wendy_appleseed@agilebits.com.

Notify people affected by a data breach

If your company is affected by a data breach, click Notify Your Team to send an email to the affected team members. You can invite people who don’t use 1Password to join your team.

The affected people should:

  • Join your team on 1Password if they haven’t.
  • Use 1Password to change their password for the affected site and for any accounts where they’ve reused a compromised password.
  • Use Watchtower to find security problems with their items in 1Password and turn on notifications to get alerted of new data breaches.
An email notifying someone of the data breaches they've been affected by and what to do about them.

About the domain breach report

The domain breach report integrates with the domain search database from haveibeenpwned.com. You can only find email addresses caught in data breaches after you verify that you control a domain.

Learn more

Published: