Someone Logged

Someone Logged my account

I used bitwarden password manager last time 1 year ago
I saved it’s some passwords of my accounts
(They are expired because i changed password of accounts every 3 months )
However I received this email

Your Bitwarden account was just logged into from a new device. Date: Thursday, December 21, 2023 at 7:59 PM UTC
IP Address:
Device Type: Chrome You can deauthorize all devices that have access to your account from the web vault under Settings → My Account → Deauthorize Sessions.

Remember I never save bitwarden password anyplace

I enabled 2FA today
I checked this ip It’s Russia ( Biterika Group )

I’m From Sri Lanka

@Thenuka_Dissanayake Welcome to the forum!

Do you still have your Bitwarden master password, and are you able to log in to your Bitwarden account? I assume yes, since you stated that you enabled 2FA today.

If so, is it possible that the password that you have been using for Bitwarden was ever used as a password for any of your other online accounts? Is your Bitwarden password part of any database of leaked passwords?

Regardless, if you can still access your Bitwarden account, you should take the following actions in the Account Settings section of the Web Vault:

  • Change your master password to a random 4-word passphrase, and enable the option “Also rotate my account’s encryption key” in the password change form.

  • Get the 2FA recovery code, and on the assumption that the intruders who accessed your your account also have a copy of this code, disable the code by entering it on the 2FA recovery form.

  • Because the above action disables any 2FA that you have enabled for your Bitwarden account, log in immediately, and re-enable 2FA for your Bitwarden login.

  • If you plan to start storing any currently active passwords in Bitwarden, then safeguard your access to your account by recording your master password and your new 2FA recovery code on an Emergency Sheet, which obviously must be stored securely.

1 Like

Thanks for the reply!
Already I changed master password and enabled 2FA.

I did your steps.

I checked leaked passwords, but it shows no pwnage found!

Did you also rotate the encryption key?

Did you also disable the 2FA using the recovery code, and then re-enable 2FA (and obtain a new 2FA recovery code)?

I hope that you followed them exactly.

The database of leaked passwords is not exhaustive. You didn’t answer my question about your (previous) Bitwarden master password: Have you ever (before or after setting up your Bitwarden account) used that same password for any other purpose, other than using it as the Bitwarden master password?