Bitwarden and related topics security alerts prompts and easy way to report security news

READ THIS SAD NEWS about Bitwarden’s users being targeted by hackers actually:

Finally, we just saw the first big published attempt to steal Bitwarden accounts… It is something that was sure to happen with the increasing success of the service. Congratulations on reaching the level where hackers begin to look at your users!

My point is that this is the kind of news that should be shared with all users to educate them about the good security behaviors to avoid being caught. Also, it could potentially make some realize that they have been fooled and have a faster reaction that may counter the attack before damages are too important.

So, I think that important news like this should be presented to users when they log into their accounts and on the front page of the Bitwarden website. This could only be a very highlighted and visible banner for example that triggers the attention of the user and opens a webpage for details on the subject when clicked.

For me, it’s less a concern due to the fact that I’m a real geek loving security news and such and by the way always more informed than many pros… But, I care about Mr and Miss everyone that could potentially have serious problems if they are hacked this way. It can also put Bitwarden in a not so funny jeopardy…

I don’t think this attempt was the first, and I’m certain it won’t be the last. As scams go, this one was not anything sophisticated, just somebody setting up an impostor website on the domain, and attempting to fool people into downloading an unsigned installer that contained some malware. Also, although the payload was a remote-access information stealer, there is no evidence to date that it has been used to harvest any data related to Bitwarden vaults.

@grb thanks for sharing the article. We did have someone post about this earlier this week and the IT Security team has been made aware.

I think you meant to thank @jseb.

You’re absolutely right; thanks for the correction @grb and a heartfelt thanks to you @jseb :slight_smile:
