Today I had a small blip of activity with vault.bitwarden.com where it gave me something like: “Sorry, you have been blocked, you are unable to access web-vault.pages.dev”. (it was a cloudflare thing)
Looking at whois for that URL doesn’t give me any indication it’s owned by bitwarden, and I did not log into that URL, but I can see a duplicate bitwarden vault login page there if I visit that site.
Can anyone shed some light on what the heck happened?
Hi ctooley, welcome to the Bitwarden community! It does appear there was a small blip as you state, and during that time the Cloudflare URL used by Bitwarden was visible. We are looking into how we can document this.
Is the web-vault.pages.dev domain owned by Bitwarden?
Is this a development or production environment? I ask to be sure that my passphrase, secrets are not being unfortunately routed to a possibly less secure environment.
Same here, good that it has been noticed before so the team is probably on it. However it says this topic has been solved but the “additional detail” is that it is still happening so who flagged it as “solved”. I will re-scan the thread but seems that there is only a preliminary identification of the issue not a solution.
I’m also blocked. I see it’s being worked on. I’d like to know if this is connected with an attempt to hack the vaults. It wasn’t so long ago that LastPass was breached.
I had marked it as solved as I no longer had the issue, I’ve marked it unsolved as it seems to be affecting more people intermittently. It would be reassuring to confirm whether the url is owned by bitwarden!
It looks pretty obviously like a subdomain owned by bitwarden unless it is spoofed, Why would anyone think it was not owned by bitwarden? It was kind of scary because yes we thought we were going to be locked out I personally spent a couple few hours making backups. Which should be done anyway, but the problem eventually did go away. It would be good to know what is going on please don’t mark it solved until there is an explanation from tech and assurance that the problem is contained thanks.
OK so they report: Web Vault Access
Updated
About 5 hours ago
We have applied a fix and will continue to monitor the components.
Updated
About 6 hours ago
EDIT: Hit reply limit of 3 so in reference to the below post, presumably this just happened and as of one minute ago you are still locked out?
One thing that worked for me was to go to another browser or another computer where you are logged in and see if you can access your account that way. Which I did, and used that access to export backups. Before taking my chances with the backup, I manually went to each critical password file and copied the important passwords in case my login failed during the export. Please keep us advised as this issue develops. I hope it is due to server loading and not malicious actors but yeah I changed my bank password etc in case…