Hi Team,
I feel like I am a frequent victim of hackers; I get almost 2 mails a month about failed logins:
Anyone else facing the same issue? How safe are we? Is there any action to be taken from our end?
Thanks,
Avinash K N
@mastfun Welcome to the forum!
What does the text of these emails say? In particular, does the last paragraph begin with “If this was not you, don’t worry”, or does it begin with “If this was not you, you should change your master password immediately”?
If the latter, then you should change your master password immediately, as instructed! If the former (a more common case), then you don’t need to worry too much.
In this former case, what you’re experiencing indicates that the email address you are using for your Bitwarden login is publicly available, and/or has been part of some data leak from a website unrelated to Bitwarden (something that you can check for here). Hackers are now pairing your email address with different leaked passwords (or other easy-to-guess passwords) in the hopes of getting lucky and finding your actual master password. Unless the “Failed login attempts” notice is later followed by a “New device logged in” notice identifying a login that was not you, then you don’t have to worry.
Nonetheless, to safeguard your Bitwarden account, you should take the following actions:
In case you do not have 2FA enabled on your Bitwarden account, you should enable Two-Step Login immediately. Don’t forget to print your 2FA Recovery Code, so that you don’t get accidentally locked out of your account.
In case your Bitwarden master password is a password that you have ever used on a different website or online service, then you should immediately change your master password.
If your Bitwarden master password is not a randomly generated, 4-word passphrase, you should seriously consider upgrading your master password to such a passphrase, to make it uncrackable.
In addition, if you find the notices annoying or worrisome, or if you don’t want to solve the Captcha challenges that are imposed by Bitwarden when these types of attacks occur against your account, then you should change the email address associated with your Bitwarden account. It is recommended to use an email address that has not been publicly disclosed, and not used for any other online accounts.
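The triage rule described in the answer above, written out as an added example (not part of the original posts and not Bitwarden code). It assumes the notice names "Failed login attempts" and "New device logged in" appear in the subject line; the tuple layout, the `recognized` parameter and the verdict labels are hypothetical.

```python
import re
from datetime import datetime

# Wording quoted in the answer above; everything else about the notices is assumed.
URGENT = "if this was not you, you should change your master password immediately"
BENIGN = "if this was not you, don't worry"
FAILED, NEW_DEVICE = "failed login attempts", "new device logged in"

def norm(text):
    """Fold curly apostrophes, case and whitespace so phrase matching is stable."""
    return re.sub(r"\s+", " ", text.replace("\u2019", "'")).lower().strip()

def triage(notices, recognized=()):
    """notices: iterable of (datetime, subject, body).
    recognized: datetimes of new-device notices the owner confirms were their own.
    Returns 'change-master-password', 'unrecognized-login',
    'no-action-required' or 'unknown'."""
    verdict = "unknown"
    first_failed = None
    for when, subject, body in sorted(notices, key=lambda n: n[0]):
        subject, body = norm(subject), norm(body)
        if URGENT in body:
            # The notice itself says to change the master password.
            return "change-master-password"
        if FAILED in subject:
            first_failed = first_failed or when
            if BENIGN in body and verdict == "unknown":
                verdict = "no-action-required"
        elif NEW_DEVICE in subject and first_failed and when not in recognized:
            # Failed attempts followed by a login the owner does not recognize.
            verdict = "unrecognized-login"
    return verdict

# Constructed sample notices; the first body reuses wording quoted in this thread.
SAMPLE = [
    (datetime(2023, 12, 26, 6, 6), "Failed login attempts",
     "We\u2019ve detected several failed attempts to log into your Bitwarden "
     "account. If this was not you, don\u2019t worry. The login attempt was "
     "not successful."),
    (datetime(2023, 12, 27, 9, 0), "New device logged in",
     "Constructed body: a new device logged in to your account."),
]

if __name__ == "__main__":
    print(triage(SAMPLE[:1]))   # failed attempts only
    print(triage(SAMPLE))       # followed by a login nobody recognizes
```

A verdict of `no-action-required` covers only the notice itself; the account-hardening steps in the answer above still apply.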
This is the text I received:
Additional security has been placed on your Bitwarden account.
We’ve detected several failed attempts to log into your Bitwarden account. Future login attempts for your account will be protected by a captcha.
Account:
Date: Tuesday, December 26, 2023 at 6:06 AM UTC
IP Address: 58.136.236.197
If this was you, you can remove the captcha requirement by successfully logging in.
If this was not you, don’t worry. The login attempt was not successful and your account has been given additional protection.
Run a virus scan with something like Kaspersky/ESET; maybe you have a keylogger. And change your password.
@Eugene99 — No, there is no evidence that @mastfun’s device has been compromised in any way, and there is no need to change the master password unless @mastfun has been using a master password that is not unique, or that is weak.
As the email message says: “don’t worry”. There is no need for panic. I explained what happened in my response above.
@mastfun: The email you received was of the variety that says “don’t worry”, so the only thing that has happened is that hackers have obtained your email address. Did you check whether your email address is included in the database of leaked data that I had linked above?
In any case, you only need to follow the advice in the second part of my comment above: