Forced login attempts

I’m unlucky enough to be experiencing forced login attempts:
I’m receiving thousands of emails for two-step login verification…
I’m afraid that the bot can eventually succeed…

I also succeeded in changing the master password to a decidedly complex one (15 characters, lowercase, capital letters, numbers, special symbols…), but I continue to receive these emails requesting confirmation (with the sending of the OTP code).
How at ease can I be…
There are 10^6 possibilities… but the fear is there…
Thanks,
Riccardo
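As an added worked example of the arithmetic behind the "10^6 possibilities" worry (this is not code from the thread, from Riccardo, or from Bitwarden), the Python model below implements a toy second-step verifier with a cap on wrong guesses per issued code, a validity window, and a per-account cap on how many codes can be sent, then runs an attacker who already has the master password and keeps triggering new codes and guessing at each. Every limit value, the injectable clock and random source, and all function names are assumptions chosen for illustration, not Bitwarden's actual parameters.

```python
import hmac
import secrets
import time

CODE_DIGITS = 6
CODE_SPACE = 10 ** CODE_DIGITS   # the "10^6 possibilities" from the post


class OtpVerifier:
    """Toy server-side second-step verifier for one account.

    Each login with the correct master password issues a fresh 6-digit
    code that is emailed to the user. The defaults (5 wrong guesses per
    code, 5-minute validity, 10 codes per hour) are assumed for
    illustration only; they are not Bitwarden's real limits.
    """

    def __init__(self, max_guesses=5, ttl_seconds=300,
                 max_codes_per_window=10, window_seconds=3600,
                 now=time.time, rand=secrets.randbelow):
        self.max_guesses = max_guesses
        self.ttl = ttl_seconds
        self.max_codes = max_codes_per_window
        self.window = window_seconds
        self.now = now            # injectable clock so expiry can be tested
        self.rand = rand          # injectable RNG so tests are deterministic
        self.code = None
        self.issued_at = None
        self.failures = 0
        self.issue_times = []     # when codes were sent, for the per-account cap
        self.emails_sent = 0

    def issue(self):
        """Issue (and 'email') a new code, or return None once the account's
        sending cap is exhausted. Returning the code here stands in for the
        email; a real server never hands the code back to the client."""
        t = self.now()
        self.issue_times = [x for x in self.issue_times if t - x < self.window]
        if len(self.issue_times) >= self.max_codes:
            return None
        self.issue_times.append(t)
        self.emails_sent += 1
        self.code = f"{self.rand(CODE_SPACE):0{CODE_DIGITS}d}"
        self.issued_at = t
        self.failures = 0
        return self.code

    def verify(self, guess):
        """Check one guess: 'ok', 'wrong', 'locked' (guess cap hit) or 'expired'."""
        if self.code is None or self.now() - self.issued_at > self.ttl:
            return "expired"
        if self.failures >= self.max_guesses:
            return "locked"
        if hmac.compare_digest(self.code, guess):   # constant-time compare
            self.code = None                        # single use
            return "ok"
        self.failures += 1
        return "wrong"


def brute_force_one_code(verifier, start=0):
    """Attacker guesses codes sequentially from `start` against the currently
    issued code until the verifier stops answering 'wrong'.
    Returns (outcome, guesses_made)."""
    guesses = 0
    for n in range(start, start + CODE_SPACE):
        guesses += 1
        outcome = verifier.verify(f"{n % CODE_SPACE:0{CODE_DIGITS}d}")
        if outcome != "wrong":
            return outcome, guesses
    return "exhausted", guesses


def simulate_attack(verifier, code_requests):
    """Attacker who knows the master password keeps logging in to trigger new
    codes (each one an email to the victim) and guesses at each of them.
    Returns (succeeded, emails_sent)."""
    for _ in range(code_requests):
        if verifier.issue() is None:      # sending cap hit: no more emails
            break
        outcome, _ = brute_force_one_code(verifier)
        if outcome == "ok":
            return True, verifier.emails_sent
    return False, verifier.emails_sent


def max_success_probability(max_guesses, codes_obtainable, code_space=CODE_SPACE):
    """Upper bound on the attacker's chance of passing the second step:
    every issued code gives at most `max_guesses` independent tries."""
    return min(1.0, max_guesses * codes_obtainable / code_space)
```

The point the model makes: with no guess cap an attacker who can hold the same code open expects to succeed after about half a million tries, whereas with a cap of k wrong guesses per code and c codes obtainable the success chance is at most k·c/10^6, and the cap on codes per account is also what bounds the flood of emails. Whether a real service enforces such caps, and with what values, is something only that service can confirm.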

Hello Crips, and welcome to the community!

Are you talking about your Bitwarden account or other kinds of accounts?

If they manage to get BW to send you an OTP for 2FA, that means they know your master password; otherwise, they wouldn’t get to the point where BW sends you an OTP. If you have changed your master password but continue to receive such emails, then you may want to check whether your machine has been compromised/infected by malware, because they know your changed password.

You need a clean machine to make any changes; otherwise, they might be ineffective or the information breached right away.

OTOH, you may also want to verify the originators of the emails you are receiving. They might not come from Bitwarden and might be a ploy to misdirect you with lots of worrying emails. I say this because BW will throw a CAPTCHA to slow down attacks on your account, but you said you are receiving tons of emails.


@Crips Welcome to the forum!


:warning: Edit: Please read the “Update” at the bottom of this comment.


There are two different email warnings that Bitwarden sends in these situations:

Which version have you been receiving from Bitwarden?

Regardless of which version of the email warning that you are receiving, the fastest way to end this type of attack is to change the email address that you use as your Bitwarden username. I would suggest that you log in to your Web Vault (vault.bitwarden.com or vault.bitwarden.eu, as applicable), and navigate to the Reports > Data Breach; using the Data Breach check, verify that the email address you plan to use as your new username is not found in any known data breaches.

If you don’t have another email account (or if all of your email accounts have been found in data breaches), then check whether your email service provider supports so-called “plus-addressing”: for example, if your regular email address is [email protected], then you can also receive emails sent to [email protected] (where xxxxx can be replaced by any word or random string of letters/numbers).

Before changing the email address used for your Bitwarden account username, go to Tools > Export Vault in the Web Vault app, specify the “.json (Encrypted)” file format, and the “Password Protected” export type, then follow the prompts to create a Password Protected backup of your vault contents. This is a prudent precaution, because on occasion, the vault can become corrupted during the username change process. If you have a Premium account, it is also recommended that you enter the search string >attachments:* to locate any vault items that have file attachments; download copies of these files if you do not already have backup copies available elsewhere.


Update:

@Neuron5569 is right, if the OTP messages are legitimate emails sent from <[email protected]> or <[email protected]>, then the attackers already know both your email address (Bitwarden username) and your master password.

Unless you had a weak or re-used master password, it is very likely that you have unlocked or logged in to Bitwarden on a phishing website or on a malware-infected device. And since you continue to receive the OTP emails after changing your master password, it seems clear that the computer or mobile device that you used when changing your master password is compromised by malware.

:warning: Do not log back in to your Bitwarden account on the compromised machine (i.e., do not complete the email address change recommended above using a device that has malware).

Your first priorities should be to detect and remove all malware on your device, and in the meantime, to find a clean device that you can use to change your Bitwarden username and master password.

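Both replies above turn on the same check: whether the OTP emails are genuine, i.e. whether they really come from Bitwarden's sender or are look-alikes meant to alarm. As an added example (not code from the thread, from either poster, or from Bitwarden), the Python below runs the header and link checks a practitioner would apply to a raw message: From domain, Return-Path alignment, the SPF/DKIM/DMARC verdicts recorded by your own receiving server, the DKIM signing domain, and the hosts of any links in the body. The expected sender domain (`bitwarden.com`), the receiving server's authserv-id (`mx.example.net`), and both sample messages are assumptions constructed for illustration; the real sender addresses are redacted in the thread above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: genuine login-verification emails come from this domain (the
# thread's sender addresses are redacted, so this is illustrative only).
EXPECTED_SENDER_DOMAINS = frozenset({"bitwarden.com"})

# Assumption: the authserv-id your own mail server writes into
# Authentication-Results. Only that header is trusted; a sender can freely
# add fake Authentication-Results lines of its own.
MY_AUTHSERV_ID = "mx.example.net"

# Constructed sample: a message consistent with a genuine notification.
LEGIT_EMAIL = """\
Return-Path: <no-reply@bitwarden.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bitwarden.com; dkim=pass header.d=bitwarden.com; dmarc=pass header.from=bitwarden.com
DKIM-Signature: v=1; a=rsa-sha256; d=bitwarden.com; s=mail; h=from:subject; bh=AAAA; b=BBBB
From: Bitwarden <no-reply@bitwarden.com>
To: riccardo@example.org
Subject: Your Bitwarden Verification Code

Your verification code is 123456. It expires in five minutes.
Manage your account at https://vault.bitwarden.com/
"""

# Constructed sample: a look-alike sent from an unrelated domain.
PHISH_EMAIL = """\
Return-Path: <bounce@bitwarden-verify.example>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bitwarden-verify.example; dkim=none; dmarc=none
From: "Bitwarden Security" <security@bitwarden-verify.example>
To: riccardo@example.org
Subject: Urgent: confirm your login code

Someone tried to log in. Confirm your code now: http://bitwarden-verify.example/confirm
"""


def _domain(addr_header):
    """Domain part of the first address in a header value, lower-cased."""
    return parseaddr(addr_header)[1].rpartition("@")[2].lower()


def in_expected(host, expected=EXPECTED_SENDER_DOMAINS):
    """True if host is one of the expected domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in expected)


def check_otp_email(raw, expected=EXPECTED_SENDER_DOMAINS, authserv_id=MY_AUTHSERV_ID):
    """Return a list of findings; an empty list means every check passed."""
    msg = message_from_string(raw)
    findings = []

    from_domain = _domain(msg.get("From", ""))
    if not in_expected(from_domain, expected):
        findings.append(f"From domain {from_domain!r} is not an expected sender")

    rp_domain = _domain(msg.get("Return-Path", ""))
    if rp_domain and rp_domain != from_domain:
        findings.append(f"Return-Path domain {rp_domain!r} differs from From domain")

    # Only the Authentication-Results header written by our own server counts.
    auth = " ".join(h for h in msg.get_all("Authentication-Results", [])
                    if h.strip().startswith(authserv_id))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m is None:
            findings.append(f"no {mech} result recorded by {authserv_id}")
        elif m.group(1).lower() != "pass":
            findings.append(f"{mech}={m.group(1)}")

    # The DKIM signing domain (d=) should be the expected sender, not a third party.
    d = re.search(r"\bd=([^;\s]+)", msg.get("DKIM-Signature", ""))
    if d and not in_expected(d.group(1), expected):
        findings.append(f"DKIM signing domain {d.group(1)!r} is not an expected sender")

    # Links in the body should point at the expected domains only.
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = re.sub(r"^https?://", "", url).split("/")[0].split(":")[0]
        if not in_expected(host, expected):
            findings.append(f"link to unexpected host {host!r}")

    return findings
```

The DKIM d= and DMARC checks are the ones that matter most: SPF alone passes for any domain the attacker controls, as the constructed phishing sample shows. If the checks come back clean, the emails are genuine and the advice above about a compromised device applies; if they fail, the flood is noise from a look-alike sender.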