i keep on getting random login attemps from these ips, 191.96.67.165,191.101.157.87,143.244.48.19,194.104.11.172,180.74.66.60,104.129.24.118
@kittenvr Welcome to the forum!
What is the exact wording of the email notices that you are receiving from Bitwarden?
If they start with the sentence “Your Bitwarden account was just logged into from a new device”, then your account may have been hacked.
Likewise, if the notices say that “We’ve detected several failed attempts to log into your Bitwarden account”, but also contain the sentence "If this was not you, you should change your master password immediately ", then your master password may have been compromised.
On the other hand, if the notices say “We’ve detected several failed attempts to log into your Bitwarden account”, but do not contain the language about changing your master password, then the situation is fairly benign. In this case, it means that the email address (but not the master password) to your Bitwarden account is publicly available, and that some attacker is currently trying to access your Bitwarden account by trying various leaked passwords that may be associated with your email, or a trying a list of common passwords in the hopes of getting lucky.
You should put in place the following precautions if you are not already using them:
-
Enable two-step login (2FA) for your Bitwarden account.
-
Ensure that your master password is unique (never used elsewhere), confidential (never disclosed to anyone), and uncrackable (i.e., a computer-generated combination of 4 randomly selected words ).
If the above two safeguards are in place, then a brute-force attack against your Bitwarden account will not succeed. However, if you wish to stop the attack (so that you no longer receive the notices about failed login attempts), you also need to change the email address associated with your Bitwarden account. Ideally, this should be a unique email address that you only use for logging in to Bitwarden.
2 Likes