Suspicious entry

I have a password entry in my vault who is configured to pre-fill the website bitwarden dot x8bit dot com. This entry has my exact BitWarden credentials. Is this entry normal? Were I hacked and that was a way to get the credentials?

Hey there!

  • It doesn’t seem like that goes to an actual site/phishing site (unless the URL posted above is incorrect).
  • Do you have 2FA enabled for your Bitwarden account such as TOTP or hardware key?
  • If you think your account has been compromised, you can change your master password (please read through carefully).
  • You can revoke all active sessions from the settings page in the Bitwarden web vault.
  • Depending on your account type, you can also run certain vault health reports to check the integrity of your vault items.

It’s always a good idea to use web browser bookmarks or the launch item on Bitwarden vault items to visit your favourite websites, rather than typing each time, which is subject to spelling errors and could land you on a phishing site.

No, it is not.

@daa - check your browser history to ensure that was not a site you have visited. If you have a record in your browser’s history, my guess is that you did internet search for the URL to the Bitwarden vault but clicked on someone’s private instance of Bitwarden instead in the search results. Then, your local Bitwarden client saved the credentials since you visited a new website.

If this is true, you definitely want to backup your vault, deauthorize all sessions, and change your password.

1 Like

Hi daa,

Quick question in addition to what dwbit and dh024 suggested.

Any chance you moved across from another password manager? That URI sounds very similar to the ID of the Bitwarden Android app (below).


I’m just wondering if maybe you logged in to the Bitwarden app before you switched password managers. You may have inadvertently saved your Bitwarden credentials in the old password manager and imported it across with the rest of your data.

Just a theory that might explain something odd.


I don’t have a very consistent history content, so no check possible here

I really don’t remember clicking in someone else instance over my entire life

How BitWarden can save credential without my permission? I mean, BitWarden look the TLD before. If it’s not the same as the entry, for him it’s a completely different website, so he will never think about associate it with bitwarden dot com. And neither I will ask it to remember this website. So I see no way for this to happen

Back then I first came to BitWarden by importing from LastPass. But I don’t need to come from another password manager to use BitWarden Android app. I use the Android app on a daily basis. And the URL in the entry is not Android like (like android://com…), it’s more like http:// bitwarden dot x8bit dot com

But yeah, thats totally plausible that I logged through my old password manager because there was a period of time where I used both managers

If you inadvertently visited a self-hosted instance of Bitwarden on another website and did not realize it, the site would like very similar to the Bitwarden web vault at You might not immediately notice any difference, and thinking that you were logging into the Bitwarden web vault, you tried to login to a private instance of Bitwarden that was self-hosted by another user.

It can’t. But if you didn’t realize that you were on another site, you may have saved your credentials in your BItwarden vault not realizing it when Bitwarden offered to save your credentials. If you are used to allowing Bitwarden to save your credentials when you add new logins to websites or updated credentials on existing websites in your vault, you might not even remember doing this as it seemed routine at the time. Just tossing it out there because if it happened, you should change your Bitwarden password immediately. If you are certain this did not happen, then hopefully you are correct, in which case there would be no need to change it.

I’m not used at all at accepting BitWarden prompt. They bother me becauset they’re inneficient. They save bad things in bad places. The best is the LastPass one who save field name. This function was asked years ago here and devs just ignores it indefinitely

Just trying to help you or others who may have had similar experiences and found this thread. And remember, there are more than 2000 feature requests here on the forums - people have to realize that there is no way the very small dev team will ever be able to implement every one of them. Cheers!

1 Like