Bitwarden issue

Karen_Fernandes · September 24, 2021, 7:38pm

Note: Your question may already be answered in the Bitwarden Help Center.

So again how safe is Bitwarden?

Peter_H · September 24, 2021, 10:06pm

Karen_Fernandes · September 24, 2021, 10:44pm

Then why did I get an alert that my Bitwarden account was accessed by an Android device…with IP from Brazil??

Not cool!.. Hence not sure if Bitwarden has compromised my information.

Peter_H · September 24, 2021, 10:49pm

Even if they would like to do that (something I do not believe) how should they have done this ?

“Vault data can only be decrypted using a key derived from your master password. Bitwarden is a zero knowledge solution, meaning you are the only party with access to your key and the ability to decrypt your Vault data.”

Source: Vault Data | Bitwarden Help & Support

Karen_Fernandes · September 24, 2021, 11:00pm

Not sure its simply a User Id and Password (Master key) at the end of the day…for someone to get access to it, isnt it?

And looks like someone actually did it…I deauthorised all sessions & then changed my password through web, but noticed that I was not thrown out of the app on my iphone (which should happen automatically), but instead I had to manually log out.

So whoever accessed my account got my information…

Karen_Fernandes · September 24, 2021, 11:03pm

If I was not thrown out of the app on my phone, I am 101% sure the hacker was also not thrown out.

This is horrible now.

Peter_H · September 24, 2021, 11:06pm

It is not if you protect your account using 2FA.
For details see here: Field Guide to Two-Step Login | Bitwarden Help & Support

Using Deauthorize Sessions can take up to 1 hour for it to take effect on all devices.

Source: Revoke app access - #2 by tgreer

Karen_Fernandes · September 24, 2021, 11:06pm

Does Bitwarden actually have a help centre??? Contact Centre??

Feels like horrible app with no service at all,. No one to address anything

Peter_H · September 24, 2021, 11:14pm

How about this ?

Help Center: Help Center | Bitwarden Help & Support
Community forums: https://community.bitwarden.com/
Direct contact: https://bitwarden.com/contact/

tgreer · September 24, 2021, 11:50pm

Thanks @Peter_H for the quick replies!

@Karen_Fernandes the Bitwarden team is available and happy to help, 24/7 at our contact page. You absolutely did the right thing by changing credentials, and I sincerely hope that your vault data wasn’t compromised by an outside vector. 2FA is highly recommended, and our apps now support FIDO2, so an additional level of security is available.

I’m going to close this topic so we don’t get too off base, but I’ll leave it up for folks who may have the same questions.