How to check for Data breach (Multiple accounts)


this might be a stupid question, but I did not find any info in the FAQ or the app itself, hence I’m posting this here.

I’m paying for my personal account as well as for my Family Corp. I’m looking for the Info on how to check for “Data breach” on accounts. I found that I can type in one Email Address and check for breaches, but I was rather hoping for a full audit on all of my accounts, I do not really want to C&P all the addresses I got (500+ alias addresses).

So, how do I do this, or am I really the first who asks this ?

Are you looking for the vault health reports? They are only available on the web vaults ( or They are not in the apps or exstensions.

Thanks, yes I was checking the web vault.

Fig 3 shows how to do this for individual accounts, fine, does anyone expect me to type in some hundreds of addresses plus account names?

There must be an easier way to do this.

I guess, currently there is not. (PS: Maybe it is possible by using CLI? I have no clue - not familiar with the CLI. Someone here, who can say something about that?)

Hopes rest on this one, I suppose: Vault Health Dashboard - Data Breach Report should do automatic lookups and alerts (pinned as “roadmap:planned”… though I didn’t check, if your need would be met there)

1 Like

For Premium users, you can run an Exposed Passwords Report, which checks all passwords in your account. This should be more specific than checking email addresses.

1 Like

Thanks, as expected, I just wanted to be sure I did not overlook anything.

1 Like

Not really what I was looking for, but thanks :+1:

1 Like

Not sure why you’d have a preference for checking email addresses over passwords, but if your alias addresses are on your own domain, you could use HIBP’s Domain Search to find all breached email addresses on your domain.

Yes, I did this already, but it’s an manual task I need to re-do every now and then.
Unlike the email check, the domain check is not proactive.

All Bitwarden Vault Health Reports are manually initiated, without automation (including the Data Breach report for email addresses).

I have not used it myself, but HIBP’s description of their Domain Search service claims that after you have verified your domain and checked if any of the associated email addresses are breached, “you will also receive notifications via email if they appear in future breaches.

There are subscription fees if the breached addresses in the domain exceed 10.