@mastfun Welcome to the forum!
What does the text of these emails say? In particular, does the last paragraph begin with “If this was not you, don’t worry”, or does it begin with “If this was not you, you should change your master password immediately”?
If the latter, then you should change your master password immediately, as instructed! If the former (a more common case), then you don’t need to worry too much.
In this former case, what you’re experiencing indicates that the email address you are using for your Bitwarden login is publicly available, and/or has been part of some data leak from a website unrelated to Bitwarden (something that you can check for here). Hackers are now pairing your email address with different leaked passwords (or other easy-to-guess passwords) in the hopes of getting lucky and finding your actual master password. Unless the “Failed login attempts” notice is later followed by a “New device logged in” notice identifying a login that was not you, then you don’t have to worry.
Nonetheless, to safeguard your Bitwarden account, you should take the following actions:
-
In case you do not have 2FA enabled on your Bitwarden account, you should enable Two-Step Login immediately. Don’t forget to print your 2FA Recovery Code, so that you don’t get accidentally locked out of your account.
-
In case your Bitwarden master password is a password that you have ever used on a different website or online service, then you should immediately change your master password.
-
If your Bitwarden master password is not a randomly generated, 4-word passphrase, you should seriously consider upgrading your master password to such a passphrase, to make it uncrackable.
In addition, if you find the notices annoying or worrisome, or if you don’t want to solve the Captcha challenges that are imposed by Bitwarden when these types of attacks occur against your account, then you should change the email address associated with your Bitwarden account. It is recommended to use an email address that has not been publicly disclosed, and not used for any other online accounts.