April 28, 2026
Question

Bitwarden CLI Compromise

  • April 28, 2026
  • 2 replies
  • 70 views

The thing that really worries me nowadays about using my computer is supply-chain attacks. I have used computers since Windows 3.1 in the 1990s (currently MacBook Pro M1) and have always been safe and sensible when using / running software.

However, these supply chain attacks are extremely concerning for me because I can now get infected by something no matter how safe I am... AND when downloading software from official sources. 

I know that 1Password is designed very well from the blog posts and articles I've read from the company over the years. However, I'm very nervous downloading / updating / running ANY software now.

As LastPass has been hacked multiple times in the past, and now Bitwarden, it would be good if someone from 1Password could write something to address this changing threat landscape. 

2 replies

April 28, 2026

While no security product provides perfect protection, the use of an enterprise-class product on a personal machine reduces risk as compared to a consumer-grade product. Personally, I use GravityZone by Bitdefender on an iMac at home.

AJCxZ0
April 29, 2026
sspaus wrote:

these supply chain attacks are extremely concerning for me because I can now get infected by something no matter how safe I am... AND when downloading software from official sources. 

While supply chain attacks are not new, the increased size, number and complexity of components which are involved in creating software have made this a more challenging problem.

As with every other category of vulnerability which might affect us, the concern is not that such categories of vulnerabilities exist, or even what vulnerabilities exist, but how software providers respond to them when they are found. This has just become even more critical as the tools for finding vulnerabilities just gained superpowers.

While not authorised to do so, I'll answer for 1Password: we take security seriously. They could do better with transparency.

What we end users can and should do remains unchanged: choose good software, keep it up-to-date, learn how to use it well, and maintain good hygiene.