Can you log into the web vault (and be sure it’s the right one, either US or EU, they are different). If you are in the US and inadvertently tried logging into the EU one (or vice-versa) that would explain the “no account found” issue.
If you have historical Bitwarden emails, you can confirm from them your account’s email address and the server it is/was on.
You can confirm if an account still exists with the same email on that server. Just by trying to register a new account on the same server with the same email.
If you are able to register it means one of two things:
your previous account’s email was changed
your previous account was deleted
If you had a json export or saved the client_id from your account’s API Key you would have your account’s internal ID.
If you do not have these, that ID can also be found on the vault cache file from a client where you previously had logged in (even if the accounts are logged out right now).
AFAIK, that ID can not be changed for an account.
In that case you could ask support if they are willing to tell you if that account ID exists on your server (to find out which of the two previous things happened: account email change or account deletion).
But I don’t know how could you convince support to give you that information.
If you have a data.json file from a desktop client, this is one command to find out the account IDs that have previously been logged in on that client:
@youtube.4fun Welcome to the forum, and sorry that it had to be under such circumstances.
One simple scenario that may explain all of your symptoms would be of a bad actor gained access to your email account, and used this access to delete your Bitwarden account (and subsequently covered some of their tracks, such as deleting the Bitwarden email message that had the account deletion link).
My suggestions would be to:
Do whatever you can to determine whether there may have been unauthorized access of your email account.
Ask Bitwarden support whether they can find any records indicating that your account was deleted. If your account did exist on June 2, then Bitwarden should have access to PITR transactional logs that would show whether an account deletion occurred on June 3.
Thanks for your message.
Yes, it was tested already, I have created mine on .com server.
But as for double-checking, tried logged in on EU server as well.
Both
Super thanks for your detailed response.
How can I do this JSON thing to extract the file from the desktop client?
Even tho, the desktop client that had Bitwarden installed was formatted by me Yesterday due to behaving really odd.
Now I understand that Ideally I should booted with my Ubuntu USB then locate this JSON thing to recover the account, correct?
What was the result of testing? Were you able to create a new Bitwarden account using your old Bitwarden email address (the one where previous Bitwarden emails were sent)?
I was able to create a new account using the same email address that I used before.
But as the support agents told me, it still has a chance that they changed the email address of the account then deleted all traces.
They could also made a backup then deleted the account as well.
Yes, the problem is that there is no confirmation about what happened. If you didn’t delete your account, then someone or something else did. You might not have a way of preventing this from happening again.
I would think about changing all the important passwords. If I were you, I would do that now, and regularly change the rest.
@youtube.4fun If you believe that you may have such a device, please completely disconnect the device from the internet before investigating any further.
Thanks kpiris and grb for sharing. I still have these devices.
The MacBook that I bought: I’ve logged in there but just before that I’ve got forced logout, where can I find it on a Mac?
I also have an iPhone 15 Pro (main phone) which had Bitwarden (I even uninstalled after this happened because I was unsure if it was causing some harm).
I also had it installed in my backup phone (the phone that was used to be my last resort), an old [unrooted] Galaxy S10e.
Is it possible to fetch these files on iOS and Android as well? If yes, where should they be located?
Oh, I’m super sorry Kpiris, in my browser I didn’t noticed that was a link, it appeared like an ad in the middle of the forum. I’m reading at this moment. The one that you shared int he last comment leads to this post here, but I found it, is it this one, correct? Data Storage | Bitwarden
I’ve just read the link. I’ve still have Bitwarden installed on my MacBook which I forced logout.
It was the App Store version, tried finding it here as described in the link:
Mac App Store: ~/Library/Containers/com.bitwarden.desktop/Data/Library/Application Support/Bitwarden
But there’s nothing with such name or a similar one there.
Just for a double check, I also tried to find it on the standard installation method path:
Standard installations: ~/Library/Application Support/Bitwarden
Also, couldn’t find it.
It was also installed as a Chrome extension on my Mac, tried finding on ~/Library/Application Support/Google/Chrome/Default/Local Extension Settings/nngceckbapebfimnlniiiahkandclblb
There’s nothing with such name.
Do you know if Bitwarden changed the coded name of these extensions since this article was created? Data Storage | Bitwarden
Tried to find on my Android even after uninstalling it to see if there was any leftovers, no success finding on * Android: /data/data/com.x8bit.bitwarden/
Tried to find on my iOS mas as well it was uninstalled.
Also, I don’t know how do I browse files in my iOS, tried going here * iOS: app group for group.com.8bit.bitwarden but no success.
If by any chance I find it under these two extension coded names that I have on my Mac, inside that folder, is the file name called: ‘.global_account_accounts | keys | .’ < data.json?
Should I run this command: jq -r ‘.global_account_accounts | keys | .’ < data.json
In that folder?
If I do this on one of the folders that I found, I would be able to recover my account?
I was suggesting all this in order for you to find out what was your account internal ID so that you could ask Bitwarden support if that ID still existed on the server your account is/was.
If you were still logged in with your account on a device of yours, perhaps there would be something that could be done.
Guys, I’ve managed to repair my old MacBook Air A1466 2017 in which has the Browser Extension on Brave.
I’ve found the file under that the article is referring to: * Brave: %LocalAppData%\BraveSoftware\Brave-browser\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
The path is slightly different (maybe it changed after the article has been wrote).
@kpiris told me to run this command “jq -r ‘.global_account_accounts | keys | .’ < data.json”
I’m completely new to Mac Terminal, how should I exactly run this command?
Is it possible to recover passwords that I had? I’m still changing passwords everyday here, one by one, it’s heavily time consuming as I don’t even remember everywhere that I’ve created an account.
Can I do something useful with this file and the command?
The browser extensions generally do not have a data.json file, but in the Chromium based browsers (like Brave), I believe that the encrypted vault data are stored in a .log file (which typically has a numerical file name, such as 012345.log) in the nngceckbapebfimnlniiiahkandclblb folder. To avoid further data loss, I would suggest that you make a copy of any .log files that you see (or of the entire folder).
However, I don’t see any fields named global_account_accounts in the .log file for my own Chrome extension. A suitable alternative may be global_account_activity. Instead of using the jq tool, you can just open the copied .log file using a text editor (perhaps TextEdit or Notes on macOS), and search for the string global_account_activity. You will hoepfully find something like the following:
In the above, each “xxxx” is a hexadecimal code. The string “xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx” is your User ID. There may be more than one User ID present if you have logged in using multiple Bitwarden accounts.
After doing the above, fully disconnect the Macbook from the internet (disable WiFi and disconnect any Ethernet cables), then open the Brave browser and open the Bitwarden browser extension. Can you unlock it?
You’re welcome. If you were able to find the hexadecimal User ID code, you may be able to follow up on your support ticket, to determine whether your original account was deleted or taken over (with a new email address and account password).