I searched for Bitwarden Vault on Bing and clicked the link, entered my details, but then realised in horror that I’d clicked through to a fake site, with identical log-in page design, padlock symbol in browser and https:// URL. The only giveaway was the letter S to spell Bitswarden. I spent 5 hours changing my passwords and I cancelled my bank cards. I let Bitwarden support know and they said they would get on the case, and that it was a phishing site. As of tonight, this fake site is in the top 3 results on Bing.
Do not use this
Report this as a deceptive site from your browser. I don’t know if it would help, but it is an option.
That’s it! A VERY professional effort, and extremely dangerous. I reckon it steals your login, then forwards you to the real site, even logging you in so you don’t realise what’s happened.
I’ll have a look and see if that is an option for me. You might do it too, in case I can’t.
I too had come across several sites. I once contacted support. They told me it might be self-hosted Bitwarden instances. BTW, didn’t you notice this was not there?
Also notice the version difference.
This has happened before and someone else reported another site on GitHub. Seems like hosting Bitwarden is a pretty easy thing to do. All you need to do is rent a server and install the software.
It makes me lose confidence in Bitwarden. I found a flatpak app in Linux Mint software manager. I downloaded it. I’m not sure if I logged into it. I read on a forum, maybe this one, that ‘the community manages it’. It seems bizarre to allow ‘a community’ to manage such an important tool.
Are these self-hosted instances criminal enterprises? What would happen if you logged in? I will be A LOT more careful in future before logging into any security or banking site!
I reported this particular site to Bitwarden support, Google, Bing, and the US government agency which looks into these phishing sites.
I don’t know any of these sites. I manually type the URL carefully to avoid any typos. Once you have logged in to another site like that, go to the official Bitwarden site and maybe deauthorize all sessions if you have any doubts.
It is not linked.
I’ve spent the last 7 hours changing passwords and 2FA, and I’ve cancelled ALL my bank cards.
Please save the URL to your bookmarks.
Yes, I’ve done that, but I find myself being really paranoid now. IS IT the real URL? Is THIS the real Windows download?
This would appear to be the real vault:
I’m not sure what the # is for?
The # is there for me as well
Always check the domain and make sure that it is spelled correctly.
No one else can use the domain bitwarden.com
Yeah, I bookmarked it now, so I will not make this mistake again! I now have no access to money, because all my bank cards are cancelled, and I await replacements which will not arrive until next week.
Changed the link because I don’t want anyone to accidentally enter their credentials. @anon13423310 also did it. That is why.
If you copy the link and paste it, then you will go to that site.
Were you able to log in and see your items in bitswarden?