With 1Password Teams and 1Password Business, you can create a report to see if anyone with a company email address has been caught in a data breach – including people that don’t use 1Password yet.
An account owner will need to set up the breach report and verify a domain, then anyone in the Security group can view it.
Set up the domain breach report
Before you can view the breach report, create the Security group and verify a company domain:
Step 1: Create the Security group
- Click Create Domain Breach Report, then click Get Started.
- Choose who to add to the Security group: all owners, all administrators, or just yourself.
- Click Create Security Group.
The Security group will have access to security reports and account activity. To add your security team or anyone else to this group, go to Groups > Security.
If you created your account after June 17, 2020, you’ll already have the Security group.
Step 2: Verify a domain
- Add a company domain to verify.
- Choose an administrative email address to send a verification code to.
- Enter the verification code to verify your domain.
To verify your domain later, click the link in your email, or go to Create Domain Breach Report > Manage Domains and click Enter Verification Code next to the domain.
If your company uses more than one domain, click Manage Domains > Add Domain to include other domains in the report.
View the domain breach report
After you verify your first domain, you’ll see the breach report for it.
To see which accounts have been affected for a specific email address, click the number of breaches it has. You’ll also see when each breach happened, and what information was exposed.
What to do if your company is affected by a breach
If your company is affected by a breach, here are some things you can do to reduce your risk:
If passwords have been compromised
- Notify everyone affected and encourage them to use 1Password to change their passwords. If they’re not using 1Password, you can invite them to join your team.
- Change the password for any accounts where people have reused a compromised password.
- Use Watchtower to identify security problems for any accounts already saved in 1Password.
If credit cards have been compromised
Check if payment details are attached to anyone’s account for that service. If they are, and they were added before the breach, it’s a good idea to contact the card issuer and cancel the card.
If an employee used their company email address for a personal account
Tell them to change the email address to a personal one.
About the domain breach report
The domain breach report integrates with the domain search database from haveibeenpwned.com. You can only find email addresses caught in data breaches after you verify that you control a domain.