I just opened my Bitwarden vault to find a strange entry that I did not enter. It’s for a Diners Club card and includes: Card Holder Name, Card Number, Brand: Diners Club, expiration date, and a security code which is my Yahoo username.
Naturally this begs the question about security of Bitwarden. I don’t have a Diners Club card and never did. This is weird and concerning.
I am an intermediate computer user.
Comments???
Does anybody else use your device?
Thank you for your interest. Absolutely no one else uses my computer. Even if they did no one would be able to sign into my Bitwarden vault.
That’s why it’s so weird. One of the reasons I posted here is to see if perhaps this is something that does occur from time to time.
I don’t recognize the cardholder name and find it also weird that the security code is my Yahoo username.
Do you have 2FA (two factor authentication) turned on? This really seems strange. Is your master password easy to guess, what about the hint?
Yes I have 2FA and sole possession of my mobile phone for it. No one is going to be able to guess my password. No one has accessed my vault from my computer. I started using Bitwarden about a month ago and only have added two account entries with username and passwords. So it’s been a few weeks since I have actually opened it up. During that time the above described strange entry has appeared. Both my computer and my phone are password protected and cannot be used until the password is entered.
Again I thought I would post it here to see if it is something that others have experienced. It spooks me to see this with my Yahoo username as the security code for the card.
Imagine you lose your phone, you drop it, someone steals it. You might land up without access to your vault. Therefore get a 2nd completely different 2FA.
Now about your problem:
- Did you change your master password? If “yes”: Did you log out of all devices and log back in?
- Do you use the Bitwarden extension for any of your browsers? If “yes”: Did you perhaps confirm by accident once Bitwarden asked if you would like to save a password?
That is not something I have ever heard of before. I take it you are not self-hosting Bitwarden?
I just have an ordinary installation on my laptop computer running Linux Mint 19.3. Like I say it’s weird and kind of freaks me out regarding the security that I was seeking by installing Bitwarden. I have only used this laptop on my home secured Xfinity Wi-Fi network.
Hello @Elvisinflorida,
have you checked if the info is valid?
Is the info maybe shared via an organization or something?
Is there a way for you to see any login attempts or something?
Thank you everyone for your interest.
I have no browser extensions. I have a basic installation of Bitwarden installed for about 2 months and I’ve only opened it a few times, maybe twice. If I lose my phone I will immediately have that phone shut down and get another one with the same number. So I will still have access to my 2FA. Due to the pandemic I am locked down and don’t go anywhere.
The name on the Diners Club card is no one that I recognize. My Yahoo username as the security code makes no sense. There is a card number in this strange entry.
I’ve only entered two account entries with usernames, passwords, etc. It’s something that I’m intending to start using but haven’t really gotten it rolling yet with lots of entries. I’ve never changed the password.
That’s really eerie. I don’t know what to say.
Let’s ping a moderator: @tgreer
It’s hard to say how data was added to your vault, as the browser extensions of course have ways to prompt for saving data automatically, and websites can often mis-label fields, causing seemingly wrong data to be saved.
If you’d like to check and see if the cc number is real, you can always run a Luhn checksum on it, but from the sounds of it, it’s probably just junk data that may have gotten auto saved somehow.
The key factor in Bitwarden is that if your vault is locked, there is no data getting into it. And, if data is added while it is unlocked (whether accidentally added, prompted/copied/pasted, or not) - that data is safely encrypted locally.
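The Luhn checksum mentioned in the reply above can be run locally, so the number never has to be pasted into a web form. The following is an added example, not part of the original thread and not Bitwarden code; the function names and the sample numbers are assumptions made for illustration.

```python
import re

def _luhn_sum(digits: str, double_first: bool) -> int:
    """Sum digits right to left, doubling every second one (minus 9 if > 9)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if (i % 2 == 0) == double_first:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total

def normalize(number: str) -> str:
    """Strip spaces and dashes; return '' unless 12-19 ASCII digits remain."""
    digits = re.sub(r"[\s-]", "", number)
    return digits if re.fullmatch(r"[0-9]{12,19}", digits) else ""

def luhn_valid(number: str) -> bool:
    """True if the number is card-shaped and its last digit is the right check digit."""
    digits = normalize(number)
    return bool(digits) and _luhn_sum(digits, double_first=False) % 10 == 0

def luhn_check_digit(partial: str) -> int:
    """Check digit that must follow `partial` (the number without its last digit)."""
    return (10 - _luhn_sum(partial, double_first=True) % 10) % 10

def assess(number: str) -> str:
    """Classify a stored card number the way the reply above suggests."""
    if not normalize(number):
        return "not a card-number-shaped value"
    if not luhn_valid(number):
        return "fails Luhn: junk or mistyped data"
    # Passing only means the digits are self-consistent, not that an account exists.
    return "passes Luhn: well-formed, but that does not prove a real account"

# Constructed sample inputs (not taken from the thread).
SAMPLES = ["3056 9309 0259 04", "3056 9309 0259 05", "my-yahoo-name"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: {assess(sample)}")
```

A failing result supports the "junk data" explanation; a passing result would only show the digits are self-consistent.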
Thank you for your interest and taking the time to reply with the very detailed discussion. I’ll run the checksum and report back.
@bobby_shaftoe “eerie” is the perfect word.
The Diners Club Card number is “NOT VALID” here:
(https://www.freeformatter.com/credit-card-number-generator-validator.html#validate)
So what do you say? Do you think that some hotkey press while checking emails or something caused Bitwarden to scrape some random info from another open tab and save it?
I only have a pop-up blocker extension in my browser and no other extensions, including no Bitwarden. I’ve only recently installed Bitwarden and rarely have opened it. Like you said “eerie”.