Data breach report should search against all email addresses used in vault

wolfgang8741 · March 3, 2022, 2:37pm

Integrating with or otherwise collaborating with Mozilla’s monitor.firefox.com open source project https://github.com/mozilla/blurts-server/ might be a route to share the burden in maintaining a multi email breach monitoring and report system. Monitor already supports marking breaches resolved and both Bitwarden and Monitor are powered by the same source Have I been pwned.

wolfgang8741 · March 3, 2022, 3:01pm

Reports for all email in the vault is especially important if generated emails are used per account ie https://community.bitwarden.com/t/generate-email-aliases-for-new-logins-implement-email-protection/32787/3 and from other existing services.

webbit · March 31, 2022, 8:03pm

1 additional vote

it would be really nice if the “data breach report” tool could check all the emails in the vault.
I use an email alias for each account.
The current “data Breach report” tool is unusable for me.
Currently I use “Mozilla Firefox Monitor” to check my main email addresses. But I can’t check all my email aliases.

VincentVega · April 13, 2022, 5:07pm

Hey guys, I believe it would be great for everyone if we had the option for Bulk data breach report: typing a list / importing many emails to check, instead of having a single fill box.

Of course, together with a notification function - would be nice to get notified as a breach happens.

Gaurav · April 14, 2022, 6:28pm

Hey @VincentVega , your request seems quite similar to Data breach report should search against all email addresses used in vault.

You may want to cast your vote there and add your inputs there for the convenience of everyone to follow upon the similar requests.
Cheers

mcgreal_sukkur · May 27, 2022, 4:37pm

Seems similar to Data breach checks on individual logins

Perhaps since it is older votes could be redirected to that.

sclark · September 26, 2022, 7:13pm

I really hope this feature request is seriously considered, especially now that the username generator has been implemented (and I hope to shift away from the old single email/username methodology).

Also, most comments have specified email address, but I think if it can check any username, there’s not need to limit it to email addresses.

Out of scope, but a cool addition: It may not be possible through the API, but I’d love for BitWarden to provide a way to bulk sign up for the “Notify Me” feature for each email in my account that hasn’t already been signed up. (Have I Been Pwned: Notify me)

sclark · December 29, 2022, 7:26pm

Should this merged with Vault Heatlh Dashboard - Data Breach Report should do automatic lookups and alerts?

bw-admin · December 29, 2022, 7:29pm

Thanks for checking in, I think they are distinct requests, the referenced request is to move to a dynamic dashboard type experience (which is planned), while this request is to expand the functionality of the specific Data Breach report to include additional emails rather than just the account email.

NeuronsNeeded · January 4, 2023, 6:37am

Doh! This is basic functionality in every other password manager, to check all accounts in the vault. BitWarden’s report even says “Cgecj abt yserbanes ir enauk addresses that you use.” However, this is not the case. Heck, might as well go back to LastPass!

bw-admin · January 4, 2023, 6:40am

Hey @NeuronsNeeded thanks for the feedback, there are additional reports for other plan types, such as exposed, reused, weak etc that cover all accounts in the individual or organization vault.

More info here: Vault Health Reports | Bitwarden Help Center

jbramwell · January 10, 2023, 8:30pm

Agree with this request. As a soon-to-be-former LastPass user, this is something I will miss in Bitwarden (until it gets implemented).

Thanks!
— Jeff

wnelson03 · January 11, 2023, 1:35am

Automatic would probably difficult since it would have to be done on the client after decryption, and some people set vault timeouts quite short. If you don’t use that many different email addresses, you could subscribe them to Have I Been Pwned alerts.

wnelson03 · January 11, 2023, 1:36am

Given the LastPass breach and the practices of LogMeIn, the parent company, this doesn’t seem like a viable option for anybody. If you don’t use that many different email addresses, you could subscribe them to Have I Been Pwned alerts.

Keepaster · January 17, 2023, 2:08pm

Here just to say i logged in to create this feature request but see there is one already.

Like many others, I use SimpleLogin with over 300 email addresses so this function would be uber useful to me. Happy if it is in the browser only on a web page as appreciate it would bog an app down while running.

Imjustarandomguy · March 15, 2023, 9:44am

Simplelogin will now notify users when the alias email is detected in a breach. Pretty cool

u8h4x72d · September 27, 2023, 1:31pm

Hello
I’m very sorry for spamming everybody but given that I’m very interested on this feature. do you know if there are any updates on its implementation?

thanks!
A

bw-admin · February 8, 2025, 12:52pm

Feel free to ping if you want this feature request reopened.