How to check for Data breach (Multiple accounts)

ThisBitIsWarden · June 11, 2024, 2:20pm

Hi,

this might be a stupid question, but I did not find any info in the FAQ or the app itself, hence I’m posting this here.

I’m paying for my personal account as well as for my Family Corp. I’m looking for the Info on how to check for “Data breach” on accounts. I found that I can type in one Email Address and check for breaches, but I was rather hoping for a full audit on all of my accounts, I do not really want to C&P all the addresses I got (500+ alias addresses).

So, how do I do this, or am I really the first who asks this ?

DenBesten · June 11, 2024, 5:31pm

Are you looking for the vault health reports? They are only available on the web vaults (https://vault.bitwarden.com or https://vault.bitwarden.eu). They are not in the apps or exstensions.

ThisBitIsWarden · June 11, 2024, 6:25pm

Thanks, yes I was checking the web vault.

Fig 3 shows how to do this for individual accounts, fine, does anyone expect me to type in some hundreds of addresses plus account names?

There must be an easier way to do this.

Nail1684 · June 11, 2024, 9:32pm

I guess, currently there is not. (PS: Maybe it is possible by using CLI? I have no clue - not familiar with the CLI. Someone here, who can say something about that?)

Hopes rest on this one, I suppose: Vault Health Dashboard - Data Breach Report should do automatic lookups and alerts (pinned as “roadmap:planned”… though I didn’t check, if your need would be met there)

grb · June 11, 2024, 10:50pm

For Premium users, you can run an Exposed Passwords Report, which checks all passwords in your account. This should be more specific than checking email addresses.

ThisBitIsWarden · June 12, 2024, 6:23am

Thanks, as expected, I just wanted to be sure I did not overlook anything.

ThisBitIsWarden · June 12, 2024, 6:24am

Not really what I was looking for, but thanks

grb · June 12, 2024, 2:39pm

Not sure why you’d have a preference for checking email addresses over passwords, but if your alias addresses are on your own domain, you could use HIBP’s Domain Search to find all breached email addresses on your domain.

ThisBitIsWarden · June 12, 2024, 3:57pm

Yes, I did this already, but it’s an manual task I need to re-do every now and then.
Unlike the email check, the domain check is not proactive.

grb · June 12, 2024, 4:39pm

All Bitwarden Vault Health Reports are manually initiated, without automation (including the Data Breach report for email addresses).

I have not used it myself, but HIBP’s description of their Domain Search service claims that after you have verified your domain and checked if any of the associated email addresses are breached, “you will also receive notifications via email if they appear in future breaches.”

Neuron5569 · June 12, 2024, 9:09pm

There are subscription fees if the breached addresses in the domain exceed 10.