Hacker changed my password locking me out

and is going through and changing passwords for my other accounts.

I’m using Duo for 2fa and fingerprint on phone, but I think the hackers got in through my phone through a fingerprint exploit as I never received a Duo push request.

Is it possible to get back in with my recovery codes or are they only for 2fa replacement?

Is there a way to ‘burn’ the account to keep them from changing all of my account passwords and accessing my credit cards? I sent emails to support but haven’t received a response yet.

Do I have any options??

Sorry to hear of your trouble.

If you still have access to the email address you use for Bitwarden then you can delete your account:

https://bitwarden.com/help/article/delete-your-account/

2 Likes
  1. I will try to help, but I don’t know much about some things that involve something in legal terms and cyber defense. What I know in practice is about algorithm development and research. In this initial notice and reading about your general questions and problems I will try to help you in the best possible way, I apologize if I cannot help you.
  2. When an account gets hacked you usually try to see the situation from 3 different angles, think of it as a rating, a triage, a status.
    2.1 For example, if someone has access to your account. In this specific case, the angle is of the severe type. So why the hacker can have access to everything.
    2.2. About this, try to contact your credit card company or banks you own and request the block immediately.
    2.4 After all, even if they change the password, the locked card can prevent anyone from using it. Try to do this as soon as possible.
    2.5 After that, even if you forget the password of most sites you visit or even someone (hacker) changes the password, most sites have a way to recover using your email or cell phone. And even if they (hackers) change your email or cell phone number on these websites and accounts, you can prove it. If you access email, most websites will send you email notifications. If they have access to email and exclude access to those notifications, that’s quite tricky. And I don’t know what we could do.
  3. If you don’t remember or don’t have access to most sites, a tip is to check if you log in with Google. If you log in with Google, there is a list of sites you have connected to; from there, you can try to close the connection to these services if you notice that someone is accessing from an unusual location.
  4. About Bitwarden, I don’t know if you can request account deletion if you don’t have access. But, it’s worth trying and seeing this. In theory it makes perfect sense, no one would ask to delete the account if they don’t have access to the account.
  5. I don’t know if it is possible to recover the password with recovery codes.
  6. Let your friends and family know about this problem as soon as possible, to avoid serious problems, it is common for someone to try in these cases if they pass you by.

I hope this answer is the most complete and that it helps you in some way.

You have 2FA enabled but your account got hacked. That is strange. Maybe someone you know has access to your devices.

3 Likes

@svmike We had an incident a couple of hours ago, where users experienced issues logging in. Could you please try again and see if it’s still a problem.

Kind regards
Daniel

1 Like

We had an incident a few hours ago! An (incident) or a (hack), because I had the same problem as [svmike] this morning!

Kind regards

I want to thank everyone for their thoughtful replies!! This was a terrifying experience, however @djsmith85 was right, I was just able to log back in - and change the password. I recently switched to Bitwarden from Dashlane because of the integrated 2fa, file attachments, notes, custom fields and - the price!

1 Like

@svmike Glad the issue was resolved and happy to welcome you to the Bitwarden community.

Kind regards
Daniel