I just started using Bitwarden, and not even one day after using it, I got an e-mail telling me somebody logged in from another iOS device with an IP address that looked like it was from under the vicinity of the US capital. I’m not even from the US.
Hey there, were you using a VPN? Do you have 2FA enabled on your account? Does the email sender appear legitimate?
I was not using a VPN. I haven’t yet set up 2FA on my account (will do now). The e-mail was a notification from Bitwarden telling me that a new device logged in. I then changed the master password after that.
Did you analyze the email headers to verify that the email was not spoofed?
When you changed your master password, did you use a link in the email notice to do so?
Was your master password randomly generated by a computer? Is your new master password randomly generated?
Welcome, @Marlo, to the community and to Bitwarden.
I have seen innocuous and incorrect geolocation due to Bitwarden’s use of content-delivery services, such as Cloudflare, but RapidSeedBox does not appear to be such a product.
I would reach out to Bitwarden support and send them the email, including its headers, to see if the message is legitimate and to learn if they have any business relationship with RapidSeedBox. And, if you clicked on any links in the message, be sure to ask them for their recommended next steps.
Incidentally, although “under the US Capitol” seems like the start of a spy thriller, most likely the IP address is registered to one of the ISP’s corporate addresses, which happens to be in DC, and without further detail, IP2Location placed the pin in the middle of the city, which just happens to approximate the location of the Capitol.
- You wrote the email said “login from another device” and that sounds very unambiguous - but there are also alert emails about “failed login attempts”. (But I guess you already checked again for the exact wording of the mail.)
- Did you yourself try to log in on one of your devices around the same time the email got sent? (Because if yes, the “wrong” IP has some explanations as written by others above - and then it may be more likely it was your own device… but if you never logged in yourself in the same timeframe of that email, then the exact IP address is more or less irrelevant and I would take immediate steps…)
- As others already mentioned, did you check for all the phishing/scam signs? (BTW, it is always a good idea to use a “private-kept”, not-in-any-leaks, secure email address for the Bitwarden account.)
- If it was a legitimate login warning email, meaning someone else actually logged into your freshly created account, I would seriously think about the possibility that you have malware on at least the device from which you created the account - and/or from which you logged in after that.
PS: There is a blog article that would give some ideas, if it indeed was a successful login of someone else: What to do if you think one of your online accounts has been hacked | Bitwarden Blog
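
The header check asked about earlier in the thread, sketched as an added example that is not part of any post above: it reads the raw message (the "show original" view saved from a mail client) and trusts only the `Authentication-Results` header stamped by the recipient's own mail provider. The function name `check_notification` and all domains are hypothetical placeholders; the real sender domain and the provider's authserv-id must be taken from a known-good message.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed samples; every domain is a placeholder, not Bitwarden's real sender.
GENUINE = (
    "Authentication-Results: mx.recipient.example; dkim=pass header.d=vendor.example;\n"
    " spf=pass smtp.mailfrom=bounce.vendor.example; dmarc=pass header.from=vendor.example\n"
    "From: Vendor <no-reply@vendor.example>\nSubject: New Device Logged In\n\nbody\n")
SPOOFED = (
    "Authentication-Results: mx.recipient.example; dkim=pass header.d=bulk.example;\n"
    " spf=pass smtp.mailfrom=bulk.example; dmarc=fail header.from=vendor.example\n"
    "Authentication-Results: forged.example; dkim=pass header.d=vendor.example;\n"
    " dmarc=pass header.from=vendor.example\n"
    "From: Vendor <no-reply@vendor.example>\nSubject: New Device Logged In\n\nbody\n")

def aligned(domain, expected):
    """True if domain equals the expected sender domain or is a subdomain of it."""
    domain, expected = domain.lower().rstrip("."), expected.lower()
    return domain == expected or domain.endswith("." + expected)

def check_notification(raw, expected_domain, trusted_authserv):
    """Return a list of problems; an empty list means every check passed."""
    msg = message_from_string(raw, policy=policy.default)
    problems = []
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    if not aligned(from_domain, expected_domain):
        problems.append(f"From domain {from_domain!r} does not match {expected_domain!r}")
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = " ".join(str(value).split()).partition(";")
        # Headers with any other authserv-id can be pre-inserted by the sender.
        if authserv.strip().lower() != trusted_authserv.lower():
            continue
        for method, verdict in re.findall(r"\b(dkim|spf|dmarc)=(\w+)", rest):
            results.setdefault(method, verdict.lower())
        signer = re.search(r"\bheader\.d=([\w.-]+)", rest)
        if signer:
            results.setdefault("dkim_domain", signer.group(1))
    for method in ("dkim", "dmarc"):
        if results.get(method) != "pass":
            problems.append(f"{method}={results.get(method)}, expected pass")
    if results.get("dkim") == "pass" and not aligned(results.get("dkim_domain", ""), expected_domain):
        problems.append("DKIM signing domain is not aligned with the expected sender")
    return problems

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, check_notification(raw, "vendor.example", "mx.recipient.example"))
```

A passing result only shows that the message came from the claimed domain; whether the login itself was yours still has to be judged from the timing and device questions raised above.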