I just wanted to share a phishing email targeting Bitwarden users I’ve just got today - in case anyone would wonder if “We Have Been Hacked — Protect Your Bitwarden Vault with the New Desktop App” is real. The website seems to be already marked as phishing by Cloudflare, but I bet they will come back with another one later.
I just got a message that was quite convincing, telling me about a possible compromised desktop app. I should immediately update my apps by going to https://bitwardendesktop…
As it is actually passing DKIM and looks quite real, I thought I’d post it here for others to be aware:
From: BITWARDEN <hello@bitwardennewschannel...>
To: (me, but not my bitwarden address)
Subject: We Have Been Hacked — Protect Your Bitwarden Vault with the New Desktop App
Dear Bitwarden Users,
We’re rolling out a new, strengthened Bitwarden Desktop App to address a recently discovered issue in older desktop builds. Our investigation confirmed that Bitwarden’s zero-knowledge, client-side encryption kept your vault contents protected; however, legacy clients introduced an elevated risk around local metadata and cache integrity.
Your quick 3-minute fix
Step 1: Download the latest Bitwarden Desktop App Here: https://bitwardendesktop..../
Step 2: Install, then sign in with your master password.
Step 3: Let your vault re-sync; then open Vault Health Report to verify everything looks good.
(Optional) Clear the old app cache after upgrading.
Why this matters
Older desktop versions relied on components that could be targeted for memory injection or local cache manipulation. The new release blocks these vectors with digitally signed installers, hardened sandboxing, integrity verification, and upgraded cryptographic defaults.
Extra precautions we recommend
Confirm 2FA is enabled and backed up.
Consider rotating your master password and reviewing emergency access settings.
Ensure your browser extension and mobile apps are on their latest versions.
If you think your account may have been impacted, please reach out through the support widget on our download page to connect directly with our Security Response Team.
For general questions or feedback, you can also start a conversation through the live chat available on that page.
Your continued trust and feedback inspire us to strengthen Bitwarden every day and deliver the most secure, reliable password management experience possible.
With care,
Bitwarden Customer Support & Security
This email has been confirmed not to come from Bitwarden.
Bitwarden only has email support. There is NO support widget or live chat.
Also, the subject line “We Have Been Hacked” is highly unlikely to be used in a real breach. Security companies usually notify their customers with a much calmer (sometimes even deceptive) tone.
For transparency: I adjusted the title a bit. (from “Attention to phishing suggesting new desktop app” to “Attention to phishing mail - maliciously suggesting a ‘new desktop app’”)
“Big news” tends to be “bigly reported”. A legitimate “We Have Been Hacked” would hit the tech news; perhaps the mass media would report it, it would somehow be mentioned on Bitwarden’s web site, and it undoubtedly would become the day’s topic on this community. If big news is not coming from many directions, it probably is not big news.
Bitwarden desktop has a “check for updates” menu item under the Help menu, as do browsers, OSes, and extension/app stores. This is the safe (and somewhat standardized) way to check for and to apply updates.
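An added example, not part of any post in this thread: the message quoted above passed DKIM, but a DKIM pass only says that the signing domain vouches for the mail, not that the domain belongs to Bitwarden. The sketch below flags brand lookalikes by comparing the From domain and the DKIM `header.d` domain with an allowlist. It assumes `bitwarden.com` as the trusted domain, uses constructed `.example` placeholders where the thread elides the real domains, and assumes the `Authentication-Results` header was added by your own mail server.

```python
import email
import re
from email.utils import parseaddr

# Assumption: the brand's genuine sending domain; adjust to your own allowlist.
TRUSTED_DOMAINS = {"bitwarden.com"}
BRAND = "bitwarden"

# Constructed sample: headers shaped like the message quoted in this thread.
# The ".example" domains are placeholders; the thread elides the real ones.
SAMPLE = """\
From: BITWARDEN <hello@bitwardennewschannel.example>
To: user@mail.example
Subject: We Have Been Hacked
Authentication-Results: mx.mail.example;
 dkim=pass header.d=bitwardennewschannel.example header.s=s1;
 spf=pass smtp.mailfrom=bitwardennewschannel.example

body
"""

def is_trusted(domain):
    """True if domain is a trusted domain or a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)

def assess(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    # Only meaningful when this header was written by your own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    # Domains for which the receiver recorded a passing DKIM signature.
    dkim_pass = re.findall(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", auth, re.I)
    findings = []
    claims_brand = BRAND in display.lower() or BRAND in from_domain
    if claims_brand and not is_trusted(from_domain):
        findings.append(f"brand lookalike: From domain {from_domain!r} is not trusted")
    if dkim_pass and not any(is_trusted(d) for d in dkim_pass):
        findings.append("dkim=pass only vouches for " + ", ".join(sorted(set(dkim_pass))))
    if not dkim_pass and is_trusted(from_domain):
        findings.append("trusted From domain without a passing DKIM signature")
    return findings

if __name__ == "__main__":
    for finding in assess(SAMPLE):
        print(finding)
```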