CRW

Home Wiki

Bitwarden

Last updated View on consumerrights.wiki ↗

Work in progress
This article has been flagged for additional work. Treat its claims as provisional.
Verification concerns
Editors have raised concerns about the verifiability of one or more claims.
Contents7
  1. Consumer-impact summary
  2. Incidents
  3. Malicious @bitwarden/cli (NPM) package (2026)
  4. Quiet changes (2026)
  5. Products
  6. See also
  7. References
Bitwarden
Basic information
Founded 2019-10-28
Legal Structure Private
Industry Software
Also known as Bitwarden, Inc.
Official website https://bitwarden.com

Bitwarden is an American software company, incorporated in Delaware and with headquarters in Santa Barbara, California.[1][2] Its main product is the eponymous password manager.

Consumer-impact summary

Overview of concerns that arise from the conduct towards users of the product (if applicable):

  • User freedom
  • User privacy
  • Business model
  • Market control

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.


Incidents

Malicious @bitwarden/cli (NPM) package (2026)

In April 2026, it was revealed that Bitwarden's CLI package, distributed via npm, included a "credential-stealing payload." Reportedly, only the only affected users were the CLI package's users, not all Bitwarden users in general.[3] The package also reportedly contained the string "Shai-Hulud: The Third Coming", "Shai-Hulud" referring to a computer worm.[4] It was also reported that:

OX Security has observed real user information leaked by the malware. The infection is likely to spread further across NPM and GitHub as more machines are compromised over time.


The malware’s origin is potentially Russian — it does not execute if the Russian language is configured on the host machine.

[5]

Quiet changes (2026)

Always free

The longtime CEO, Michael Crandell is in an "advisory role" since February. In addition, Bitwarden's CFO was replaced in April. There weren't any official announcements for either of these changes. Bitwarden's free plan on their product page included the phrases "Free Forever" and "Always free."[6] These phrases are present even on the Wayback machine's oldest archive (2022-06-25) of Bitwarden's product site.[7]

  • (I) Bitwarden product page Wayback machine on 2026-04-14
    (I) Bitwarden product page Wayback machine on 2026-04-14
  • (II) Bitwarden product page Wayback machine on 2026-04-18
    (II) Bitwarden product page Wayback machine on 2026-04-18
  • (III) Bitwarden product page Wayback machine on 2026-05-15
    (III) Bitwarden product page Wayback machine on 2026-05-15
  • (IV) Bitwarden product page Wayback machine on 2026-05-19
    (IV) Bitwarden product page Wayback machine on 2026-05-19

"Always free" reportedly disappeared from the site in April.[6] The archives from April, (I) and (II), reveal that the phrase disappeared sometime between 2026-04-14 (left on image I) and 2026-04-18 (bottom on image II). The archives from May, (III) and (IV) ,reveal that it came back sometime between 2026-05-15 (bottom left on image III) and 2026-05-19 (bottom left on image IV).[8][9][10][11] A Reddit user by the name of "Ryan_BW", reportedly a Bitwarden employee[6], made a post addressing the issue on 2026-05-15, stating that:

I would like to share that "always free" has been brought back to the pricing page. There was no specific intention to remove that language from the website while pages were being updated. Simply an oversight on the marketing team (myself included).

The comment was met with several negative replies from other Redditors.[12]

GRIT

Bitwarden has used the GRIT acronym to describe its company culture for years, standing for Gratitude, Responsibility, Inclusion, and Transparency.

On the Wayback machine's archive from 2026-03-14, they were still unchanged on Bitwarden's blog.[13]

At some point after that, they were quietly changed. GRIT now stands for Gratitude, Responsibility, Innovation, and Trust.

[6] The original blog post was also updated, so that it now includes the new version of the acronym.[6][14]

Products

  • Bitwarden password manager

See also

References

  1. "Division of Corporations". icis.corp.delaware.gov. File Number: 7654941{{cite web}}: CS1 maint: url-status (link)
  2. "Business Search". bizfileonline.sos.ca.gov. BITWARDEN INC. (4612828){{cite web}}: CS1 maint: url-status (link)
  3. Winder, Davey (2026-04-24). "Bitwarden Confirms Compromise—Here Are The Facts". forbes.com. Archived from the original on 2026-06-27.
  4. Moore, Justin (2025-11-25). ""Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack". unit42.paloaltonetworks.com. Archived from the original on 2026-06-27.
  5. Siman Tov Bustan; Zadok (2026-04-23). "Shai-Hulud: The Third Coming — Bitwarden CLI Backdoored in Latest Supply Chain Campaign". ox.security. Archived from the original on 2026-06-27.
  6. 6.0 6.1 6.2 6.3 6.4 Rudra, Souray (2026-05-19). "Things Are Quietly Changing at Bitwarden, and People Are Worried". itsfoss.com. Archived from the original on 2026-06-27.
  7. "The Bitwarden Password Manager". archive.org. 2022-06-25.{{cite web}}: CS1 maint: url-status (link)
  8. "Best Free & Premium Password Manager". archive.org. 2026-04-14.{{cite web}}: CS1 maint: url-status (link)
  9. "Best Free & Premium Password Manager". archive.org. 2026-04-18.{{cite web}}: CS1 maint: url-status (link)
  10. "Best Free & Premium Password Manager". archive.org. 2026-05-15.{{cite web}}: CS1 maint: url-status (link)
  11. "Best Free & Premium Password Manager". archive.org. 2026-05-19.{{cite web}}: CS1 maint: url-status (link)
  12. Ryan_BW (2026-05-15). "Ryan_BW comments on FastCompany: intriguing corporate gossip about Bitwarden". reddit.com. Archived from the original on 2026-06-27.
  13. Crandell, Michael (2026-03-14) [2022-06-08]. "Defining and sustaining value for Bitwarden users". archive.org.{{cite web}}: CS1 maint: url-status (link)
  14. Crandell, Michael (2022-06-08). "Defining and sustaining value for Bitwarden users". bitwarden.com. Archived from the original on 2026-06-27.
Filed under