[Warning] All data completely deleted from account

I just came to address a similar situation that happened to me about 2 hours ago. You can see my post of the description of my data vault being empty in a thread I created.

As an update it seems to have returned to normal on the web, and I never “lost” my vault on my phone.

I have trusted bitwarden with alot of data, and while there was a pucker factor for me in the short term that there was a loss or worse it was compromised as other services as discussed here, my background allows me to suggest that this was more along the lines of a DNS/Server reboot to fix DNS in code, double whammy and the resulting outage was way transient and not effecting a system wide outage.

For my two cents.

2 Likes

Thank you very much for the reply and your posting as well!

Who knows there very well could be an issue that is recent, which has not been seen before and would yet need to be investigated as to why users may be experiencing this issue.

It seems that while some symptoms are not the same, some others do appear to have produced a similar result for you.

Again as always, I will just reiterate the importance of regular backups for any important information, hopefully to multiple locations.
Any example or thought of data loss is always a stark reminder of this critical step of taking control of your own data.

Appreciate the info :slightly_smiling_face:

Bottom line on all this is to use the export function and save an encrypted backup. Or export a non-encrypted .csv and back it up into keepass, keepassxc or similar. Those are not as easy and enjoyable as bitwarden but you can host them on your dropboxes or email accounts as backups. The tricky part some people may overlook is that when you import the downloaded bitwarden csv into keepass you need to scrolldown to the dropdown menus where you coordinate the data fields. It is actually quite easy even if this sounds confusing. Just try it and remember to scroll down. There you will see what to do - there are columns that say things like “user id” “url” “password” and you just need to match them up. A third grader could do it if you just persist and take care of the basics. Back Up Your Data and OF COURSE always back up your password managers!!!
PS The OP might have been hacked by a 3rd party who wiped his data, right? Bitwarden staff are actually pretty cool people I wouldn’t jump to conclusions.

RogerDodger: you are probably right. I never claimed the problem I faced is a common occurrence. The issue here isn’t what happened or on what frequency it happens, but what Bitwarden’s support does or doesn’t when it happens. That’s what made me conclude Bitwarden shouldn’t be trusted: Poor to inexistent support.

Gerardv514: About contribute in figuring out what happened, I’d be glad to, but unfortunately, Bitwarden’s support just ended our talking with automated messages saying nothing could be done. I just can’t help if they don’t want it.

Para: That’s really overestimating, isn’t it? All we can say for sure is that I’m the only one who decided to come here and post about it. And I’m happy to say I don’t work for LastPass and wouldn’t recommend it either. Pointing Bitwarden’s service flaws doesn’t mean I’d accept other service’s flaws. And for that same reason I’d not recommend Bitwarden as well.

cksapp: Well, it’s fine if you think that. I just stated my point of view after I had to talk to Bitwarden’s support. To me it was clear they didn’t care at all. I do believe if a person or a company, such as Bitwarden, has a service, they should be capable of finding the root cause of a problem, or at least try to do that. Fortunately it may be something rare, happening to a few, or maybe just with me, but what if it was something widespread? Or if in the future it becomes widespread? Let me be clear: they didn’t even try to find out what caused the problem, there was no questioning about what I did before it happened. It was just: “yep, your data is gone, there’s nothing we can do”. There was no try to diagnose/troubleshoot it. As a support professional, I acknowledge the importance of delivering outstanding service to clients. If I were to provide the same level of service I have experienced, I would probably be dismissed promptly.

ForumGhost: I’d find it pretty difficult. They’d have to get my password and access to my TFA. I’d also have notifications from Bitwarden warning me about a new login. I even bought security keys and on the day of the incident I was checking Bitwarden’s plans so I could use my keys to secure even further my account, so you could say I take my security very seriously.

For everyone:
Let me clear. What I am saying is: Bitwarden service (provided by the company) shouldn’t be trusted. You should differentiate Bitwarden’s service from Bitwarden itself. Right now I am hosting my own instance (running a Bitwarden’s fork) and I’m considerably happy since I can trust it, because on it everything that may happen is my responsibility.

PS.: I’m not mentioning anyone because new community users are limited to mentioning just two users.

The vast majority of users have had positive experiences with Bitwarden’s tech support, so perhaps the source of the problem lies elsewhere. You haven’t really helped your case by repeatedly misrepresenting what support staff have said to you:

In contrast, the only non-fabricated quote from their email communication with you was: “Bitwarden does not log its users’ activity, and it is not possible for me to investigate what happened in your vault”, which seems like a perfectly reasonable answer (to those of us whose judgment is not clouded by being upset). Unlike some other password managers, Bitwarden does not log what users do in their vaults, for privacy reasons. Thus, it is literally impossible to retrace your steps to determine what caused the data to apparently vanish. Evidently, their email to you had also provided additional suggestions for how to solve the problem (e.g., ensuring that you were accessing the correct account), so it seems to me that you are grossly mischaracterizing what happened in your interactions with support staff.

You’re not going to like this, but based on the evidence that has been presented in this thread, it seems to me that the most likely explanation is that you accidentally purged your vault.

In any case, good luck with Vaultwarden. I should also point out that if your view of what happened to your Bitwarden vault is correct (i.e., some obscure flaw in Bitwarden’s code caused your data to be erased), then you are still not completely safe as long as you continue to use any of the Bitwarden client apps to interact with your self-hosted server. If the hypothesized bug was not in the server software, but in one of the client apps, then it could rear its ugly head again and erase your vault. My advice to you would be to make frequent backups.

1 Like

I would like to reiterate a point from a comment on another post as well as it would be relevant.
Not only would there be this possible concern, if we are considering all possibilities.
But also the very real possibility of incompatibly with using the Bitwarden clients, and an unofficial 3rd party backend server.

And described there have been several cases shown where incompatibilities between the two have caused issues for users.
For the best compatibility, while still wanting to be in control of your own data self-hosted the official Bitwarden service would most likely be the best bet.
As you can still retain control of your information and Bitwarden allows you to self-host your own service.

Though again scores the importance of individual backups separate from Bitwarden’s service. I believe this has been discussed to length in this topic, and regardless of the service are critical.

@grb You call it misrepresenting, I call it reading between the lines and interpreting their (lack of) actions. Arguing “the vast majority of users have had positive experiences with Bitwarden’s tech support” is way too overexaggerating. I’d rather argue the vast majority never had to talk to them, and I honestly hope they never have to, considering my own experience. All in all, we agree to disagree and it’s totally fine. As I said, I didn’t come here to make anyone believe me. I came here to give a warning to those who may think that in the occurrence of a problem, they will be covered by Bitwarden’s support, because they won’t. Logging my actions wouldn’t even be necessary to provide a good level of support service. Regarding my self-hosted instance, Vaultwarden server backups are automatically done regularly, which means if any problems like that happened I’d first restore the most recent one and then proceed to analyze what happened and find its root cause, but I have to say it’s probably not a client bug but a server one, considering I haven’t done any actions on my clients on the day of the incident (just one action on web vault). About accidentally purging my vault, I’m sorry but it seems you have no idea how purging a vault works at all. You have to go into your account settings, click on a button inside a section named Danger zone in red, insert your vault’s master password, and then click on a red button titled Purge vault. How could it be humanly possible to do that accidentally? As for deleting all items (since this process has less confirmation), they would be sent to the trash and then I’d have to delete all items a second time. Again: how could it be humanly possible to do that accidentally? I may be clouded by being (rightfully) upset, but the same could be (wrongfully) said about you by not accepting an unknown internet guy criticizing a company’s support service as if it was something sacred and impossible to be criticized. We both have our own opinions, our difference is: I respect yours and won’t try to ad hominem your opinions by attacking your actions or yourself. I’m trying to be crystal clear here: By no means I’m saying the Bitwarden software shouldn’t be used (being the server or the clients). My complaint and warning are only about Bitwarden company, specifically Bitwarden’s support (or the lack of it, in my opinion).

I can’t say I’ve found any incompatibilities or issues on my tests before I started using Vaultwarden “in production”. It’s also worth saying that with my instance I am fully responsible for self-supporting: it means I’ll have no chance to get a subpar level of support as I experienced again. If I want to or a need to change my password manager arises, I could easily migrate to any other password managers such as any other one from this list, just for example, some even have companies behind them with free/paid plans like Bitwarden (on their cloud/managed-hosting options), some are opensource with a self-hosting option, some have less or even more features in comparison to Bitwarden. But that isn’t the subject of this topic, so I’ll refrain from going off-topic again.

I chose Vaultwarden because (1) it’s more lightweight than Bitwarden official option; (2) for my needs it works just like Bitwarden’s official server (even better, considering that I don’t have to get a signature to use MFA (in my case, OTP app + security keys) instead of just 2FA, improving the protection of my vault, though I wouldn’t mind paying if I received a good customer service); (3) I can keep using Bitwarden clients, so there’s little no none efforts in my migration; (4) I’m responsible for self-supporting and managing the server, so it will always meet my expectations.

Sorry but I failed to even understand what you wrote, so I do apologize if I’m unable to answer your concerns and I’d also like to suggest you to use DeepL Translate or even Google Translate to help you to better express yourself.

I have no reason to share it on my social networks since they are meant for my personal posts, not complaining about technical issues most of my friends unfamiliar with IT wouldn’t understand.

Again: I have no reason to ad hominem anyone here, and I certainly won’t do that even to you, even though it would be ironically easy to apply your own ad hominem against yourself.

If I did understand what you wrote right, you tried (and failed) to find and stalk my social network accounts. That’s kind of embarrassing as I don’t make any efforts to hide myself, to the point that I’ll even help you to find me:
https://fasouza.org/

I haven’t published my site yet, but feel free to access it and find my social network accounts.

PS.: I really shouldn’t say that, but do you realize the irony of your post considering your own profile? :roll_eyes:

“As I said, I didn’t come here to make anyone believe me.”

Well, there is a huge difference in making someone believe in what happened and making someone believe in my existence.

You literally denied my existence. I’d say I’m on my right to defend myself against such a ridiculous accusation, wouldn’t you agree?