Account Compromised

I am not able to log in with my master password anymore, which makes me suspect that my account has been hacked.

If my master password was changed would I have received an email indicating this?

I am still able to access my vault through my phone using biometrics, but I can’t change anything with my master password.

Please advise

Well, first thing to do is to get an export of your vault from the phone. Immediately disable the phone’s network connections (put it into Airplane mode). This is to keep your vault logged in (though locked).

Then unlock the vault on your phone and export the vault in JSON unencrypted format to the phone. At that point you have a copy of your vault but keep in mind that since it is not encrypted, you have to protect it.

If you have Proton or some other encrypted cloud storage you can then turn off Airplane mode and upload that copy of your vault to your encrypted storage.

After doing that you can troubleshoot the login issue. Are you connecting to the correct URL (https://vault.bitwarden.com (US) or https://vault.bitwarden.eu (EU))?

Make sure you are connecting to the correct URL and try again.

@michael_dunn Welcome to the forum!

No, you wouldn’t get an email about a master password change.

But if someone else logged in to your account, you would have gotten a “New device logged in from…” email. Did you get such an email (for a time period where it couldn’t have been you logging in)?

Follow the advice of @bwuser10000 about keeping the device where you are still logged in disconnected from the internet. Without your master password, you probably must export everything manually, one by one…

Here is a comprehensive list of things you could consider and try also: [Guide] "I can't login" - Some tips for login problems/issues

But to be blunt, if it turns out you really have lost your master password and there’s no way to get it back - and it’s not for other reasons that you can’t log in at the moment - then your account is lost now.

@michael_dunn When you use the export function in the app, you will be prompted to enter your master password. If your theory is correct (someone breached your account and changed the master password), then the local master password on your phone should still be the old one — because if the master password change had already been synced to your phone, your app would have been immediately logged out and you would have been unable to log back in without knowing the new master password (this is the reason why you need to disconnect your phone from the internet a.s.a.p. — the sync signal that will log you out of the mobile app can arrive at any time, typically within one hour of the master password change).

My point is, by attempting to export your vault contents using your old master password, you will be able to verify whether or not you are in fact entering the correct master password. Please let us know whether or not your master password is accepted when you go to create a vault export from your phone.

grb,

Great advice. I see you are familiar with the peculiarities of this software, LOL!
