Pro CISO’s Threat Intelligence service identifies collections of Bitwarden password manager credentials on the Darkweb
On July 2nd 2023, while performing routine analysis for its customers, Pro CISO Threat Intelligence experts identified collections of files containing entire Bitwarden vaults, presenting customer credentials in clear text.
Following responsible disclosure practice, Pro CISO immediately notified Bitwarden through the HackerOne platform and received a prompt response to verify the incident.
After some analysis, Bitwarden acknowledged that the incident was genuine and attributed the leak of information to local compromise of the end user, possibly via stealer malware.
When contacted, Kyle Spearrin, the CTO of Bitwarden, confirmed that there was no compromise of the Bitwarden product or service.
By August 2nd, Bitwarden had informed all of its approximately 2000 impacted customers and enabled 2FA on those accounts that didn't have it configured.
Additionally, bad actors are riding the "AI hype" initiated by ChatGPT, advertising browser extensions that allegedly allow effortless access to AI features directly in the browser. Many of these actually contain stealer malware that captures all the information present in clear text in the browser, exactly as the user sees it.
Pro CISO recommends that individuals be very cautious when installing software from sources with a low or unknown reputation (free software websites, hacking tools, etc.) and suggests that organizations implement security awareness campaigns to inform their employees of these risks.
Contact us to learn more about how our managed Threat Intelligence Services can identify threats to your organization and report the presence of leaked credentials or confidential information on the Darkweb.