Unauthorized login detected

I recv’d an email about a login from an IOS device. I do not use any apple product!

Hi @mudshark,

Sorry to hear, I can understand that this would be quite alarming to say the least.

  • Firstly, I would ask to confirm the email you received is indeed a legitimate login notice by checking the sender email address should be [email protected]

  • Have you recently logged into any new devices, or downloaded any files that could be malicious? If you have an infected device you will want to isolate it immediately.

  • Have you possibly reused any password for your Bitwarden master password?
    You can also check if the master password you use for your Bitwarden login has been previously leaked by using Have I Been Pwned: Pwned Passwords.

  • In any case if the alert appears to be legitimate, you may wish you change your master password, and I would highly recommend at least some form of 2FA login.

  • As recommended in Security FAQs | Bitwarden Help Center you can deauthorize all current logged in sessions by going to the Bitwarden Web-Vault, under Account Settings > Danger Zone > Deauthorize Sessions.
    As an additional step, you may wish to also rotate your Bitwarden account encryption key as yet another precaution if you believe your account may have been compromised.

Once you have verified any needed steps have been taken to fully, I would recommend unfortunately going through the arduous task of changing and updating all your current logins stored in your Bitwarden vault as there is no guarantee of what may or may not have been accessed and to err on the side of caution and presume all logins have been compromised.
I would start with prioritizing your most important logins first, banking, email, other financial accounts, etc. and then move on to things like social accounts, and the other less prioritized on your list, etc.

Best of luck, hope this helps.

1 Like

Would you mind sharing the exact wording of the email?

It could have been one of the following two messages, which have very different implications!

 

Message Version A:
Additional security has been placed on your Bitwarden account. We've detected several failed attempts to log into your Bitwarden account. Future login attempts for your account will be protected by a captcha.

Message Version B:
Your Bitwarden account was just logged into from a new device.

 

While both of these message versions can be troublesome, Message Version A is far less problematic than Message Version B. Which one did you receive?